-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/fabric builder k8s #739
Merged
mbwhite
merged 3 commits into
hyperledger:main
from
jkneubuh:feature/fabric-builder-k8s
May 26, 2022
Merged
Changes from all commits
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,3 +4,4 @@ network-debug.log | |
build/ | ||
.env | ||
bin/ | ||
*.tgz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# | ||
# Copyright IBM Corp. All Rights Reserved. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: fabric-builder-role | ||
rules: | ||
- apiGroups: | ||
- "" | ||
- apps | ||
resources: | ||
- pods | ||
- deployments | ||
- configmaps | ||
- secrets | ||
verbs: | ||
- get | ||
- watch | ||
- create |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# | ||
# Copyright IBM Corp. All Rights Reserved. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: fabric-builder-rolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: fabric-builder-role | ||
subjects: | ||
- namespace: ${NS} | ||
kind: ServiceAccount | ||
name: default |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# | ||
# Copyright IBM Corp. All Rights Reserved. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: org1-install-k8s-builder | ||
spec: | ||
backoffLimit: 0 | ||
completions: 1 | ||
template: | ||
metadata: | ||
name: org1-install-k8s-builder | ||
spec: | ||
restartPolicy: "Never" | ||
containers: | ||
- name: main | ||
image: ghcr.io/hyperledgendary/k8s-fabric-peer:${K8S_CHAINCODE_BUILDER_VERSION} | ||
imagePullPolicy: IfNotPresent | ||
command: | ||
- sh | ||
- -c | ||
- "mkdir -p /mnt/fabric-org1/fabric/external_builders && cp -rv /opt/hyperledger/k8s_builder /mnt/fabric-org1/fabric/external_builders/" | ||
volumeMounts: | ||
- name: fabric-org1-volume | ||
mountPath: /mnt/fabric-org1 | ||
volumes: | ||
- name: fabric-org1-volume | ||
persistentVolumeClaim: | ||
claimName: fabric-org1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# | ||
# Copyright IBM Corp. All Rights Reserved. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: org2-install-k8s-builder | ||
spec: | ||
backoffLimit: 0 | ||
completions: 1 | ||
template: | ||
metadata: | ||
name: org2-install-k8s-builder | ||
spec: | ||
restartPolicy: "Never" | ||
containers: | ||
- name: main | ||
image: ghcr.io/hyperledgendary/k8s-fabric-peer:${K8S_CHAINCODE_BUILDER_VERSION} | ||
imagePullPolicy: IfNotPresent | ||
command: | ||
- sh | ||
- -c | ||
- "mkdir -p /mnt/fabric-org2/fabric/external_builders && cp -rv /opt/hyperledger/k8s_builder /mnt/fabric-org2/fabric/external_builders/" | ||
volumeMounts: | ||
- name: fabric-org2-volume | ||
mountPath: /mnt/fabric-org2 | ||
volumes: | ||
- name: fabric-org2-volume | ||
persistentVolumeClaim: | ||
claimName: fabric-org2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sure there's a good reason but I'm slightly puzzled by the approach of using a peer image which already has the k8s builder preconfigured, just to copy out the builder binaries for use by the peer image which the k8s peer image is based on
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if this is a "good reason" but I ran into a case yesterday where I needed to test some changes in the
fabric-builder-k8s
binaries. I was queued up with some code to switch over to the wget/curl style download from the binary release archive, and then realized that this meant there was no way for me to test my builder updates without publishing custom binaries to a web server. AND the only way to build a Linux binary is to ... run linux ... or wade through Golang args to figure out how to cross-compile the builders natively on my machine. AND ... no makefile in the builder package ... AND ... I.e.. the only way to test an edit to the builder is to publish a release on the builder project and let the GitHub action turn the crank.Seems like a little thing but it spun out of control pretty quickly. I just wanted to test out a one line update in the golang code, but couldn't do so without a few hours of hacking on the environment.
So the workaround that seemed to do well was to use the Docker build of the builders, tag it, and load it into KIND so that the cluster would not go out to pull an image (or binary) from ghcr.io. This only worked with the distribution of binaries via Docker. Something like:
and ...
So some work in this area -- somewhere -- still needs to be done. I agree it is a bit unconventional with the current scheme but it seemed to work out well for the task at hand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was more that
k8s-fabric-peer
already has everything you need in it as-is without any messing about with wget, which is why I added/useTEST_NETWORK_FABRIC_PEER_IMAGE
all the time. I'm sure I'm just missing something obvious.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aha!
The line in the sand here is : "no Kube dependencies in Fabric." (No fair building out of-band peer images that pre-bundle the builder.) The builder is either IN the peer image, or it's NOT in the peer image.
Answer: it's NOT. This PR works around the constraint of "no builder in peer."
Let's not re-visit / open : fabric #3405 or fabric #3407
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a difference between putting the k8s builder code in the fabric repo with the CCaaS builder, which seems like a fair line in the sand to preserve, and publishing a handy preconfigured peer image from the k8s builder repo. I don't mind either way but there is no "the peer image" but rather a sample peer image provided "out of the box" by Fabric, which as far as I know is not actually intended for serious use. Other peer images are available, such as the very nice k8s builder peer image :)