From 99afe4c33c82c7c854a4fd7a1e5af07c0a88979c Mon Sep 17 00:00:00 2001 From: "Giau. Tran Minh" Date: Wed, 16 Oct 2024 01:33:13 +0700 Subject: [PATCH] all: support `docker://` with Dind --- Dockerfile | 8 ++- config/dind/kustomization.yaml | 52 ++++++++++++++ config/manager/manager.yaml | 2 + skaffold.yaml | 1 + test/e2e/testscript/schema-dind.txtar | 97 +++++++++++++++++++++++++++ 5 files changed, 157 insertions(+), 3 deletions(-) create mode 100644 config/dind/kustomization.yaml create mode 100644 test/e2e/testscript/schema-dind.txtar diff --git a/Dockerfile b/Dockerfile index eef0c0c..9d1b278 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,11 +46,13 @@ ARG ATLAS_VERSION=latest ENV ATLAS_VERSION=${ATLAS_VERSION} RUN curl -sSf https://atlasgo.sh | sh +FROM docker:27.3.1-cli-alpine3.20 as docker + FROM alpine:3.20 +ENV ATLAS_KUBERNETES_OPERATOR=1 WORKDIR / -COPY --from=builder /workspace/manager . COPY --from=atlas /usr/local/bin/atlas /usr/local/bin -RUN chmod +x /usr/local/bin/atlas -ENV ATLAS_KUBERNETES_OPERATOR=1 +COPY --from=docker /usr/local/bin/docker /usr/local/bin +COPY --from=builder /workspace/manager . USER 65532:65532 ENTRYPOINT ["/manager"] diff --git a/config/dind/kustomization.yaml b/config/dind/kustomization.yaml new file mode 100644 index 0000000..d15871a --- /dev/null +++ b/config/dind/kustomization.yaml 
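Review bot: The new `docker` stage is referenced by a mutable tag (`FROM docker:27.3.1-cli-alpine3.20 as docker`), and its binary is copied into the final operator image that every deployment runs, not only those using the dind overlay. Pinning the stage by digest, e.g. `FROM docker:27.3.1-cli-alpine3.20@sha256:<digest-placeholder> AS docker`, keeps the shipped CLI reproducible; the uppercase `AS` also matches the casing of `FROM`. The hunk also drops `RUN chmod +x /usr/local/bin/atlas`, so confirm that the binary copied from the `atlas` stage already carries the execute bit (presumably set by the install script). The earlier build stages are outside the hunk.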
@@ -0,0 +1,52 @@
+# Copyright 2023 The Atlas Operator Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+namespace: atlas-operator-system
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../default
+patches:
+- target:
+ kind: Deployment
+ namespace: system
+ name: controller-manager
+ patch: |-
+ - op: add
+ path: "/spec/template/spec/containers/0/env/-"
+ value:
+ name: DOCKER_HOST
+ value: "unix:///run/user/1000/docker.sock"
+ - op: add
+ path: "/spec/template/spec/containers/0/volumeMounts/-"
+ value:
+ name: dind-sock
+ mountPath: /run/user
+ - op: add
+ path: "/spec/template/spec/containers/-"
+ value:
+ name: dind
+ image: docker:27.3.1-dind-rootless
+ securityContext:
+ privileged: true
+ runAsGroup: 1000
+ runAsUser: 1000
+ volumeMounts:
+ - name: dind-sock
+ mountPath: /run/user
+ - op: add
+ path: "/spec/template/spec/volumes/-"
+ value:
+ name: dind-sock
+ emptyDir: {}
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 4dee592..26e2d7f 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -114,5 +114,7 @@ spec:
 requests:
 cpu: 10m
 memory: 64Mi
+ volumeMounts: []
 serviceAccountName: controller-manager
 terminationGracePeriodSeconds: 10
+ volumes: []
diff --git a/skaffold.yaml b/skaffold.yaml
index 697182d..c1d675d 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
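Review bot: The `dind` sidecar is added with `securityContext.privileged: true`, which removes most container isolation for that container even though it runs as UID 1000, and the file gives no reason for it. The rootless dind image is documented to need privileged mode, so record that next to the setting, e.g. `# rootless dockerd still requires privileged; pod is rejected under Pod Security baseline/restricted`, and state in the file header that this overlay is opt-in for clusters where that is acceptable. The `dind-sock` emptyDir is mounted at `/run/user` in both containers, so the manager sees the daemon's whole runtime directory rather than only the socket, and whoever can reach `docker.sock` controls the daemon. `image: docker:27.3.1-dind-rootless` is also a mutable tag and could be pinned by digest.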
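Review bot: The empty `volumeMounts: []` and `volumes: []` carry no explanation and look like leftovers that a later cleanup could remove. They appear to exist so that the JSON-patch `add` operations ending in `/-` in `config/dind/kustomization.yaml` have a list to append to. A comment on each, such as `# kept empty so overlays can append via JSON patch (see config/dind)`, would record that. The Deployment spec starts outside the hunk.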
@@ -30,6 +30,7 @@ profiles:
 paths:
 - config/default
 - config/sqlserver
+ - config/dind
 - name: helm
 deploy:
 helm:
diff --git a/test/e2e/testscript/schema-dind.txtar b/test/e2e/testscript/schema-dind.txtar
new file mode 100644
index 0000000..2c5e0ed
--- /dev/null
+++ b/test/e2e/testscript/schema-dind.txtar
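Review bot: `- config/dind` is appended to an existing profile's `paths`, so everyone using that profile now deploys the privileged dind sidecar. The profile name is outside the hunk; if it is a general dev or e2e profile, a dedicated profile for the dind overlay would keep the privileged pod opt-in. Since `config/dind` itself lists `../default` as a resource, also check that rendering it next to `config/default` does not apply the manager Deployment more than once with different specs.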
@@ -0,0 +1,97 @@
+env DB_URL=postgres://root:pass@postgres.${NAMESPACE}:5432/postgres?sslmode=disable
+kubectl apply -f database.yaml
+kubectl create secret generic postgres-credentials --from-literal=url=${DB_URL}
+# Wait for the DB ready before creating the schema
+kubectl wait --for=condition=ready --timeout=60s -l app=postgres pods
+
+# Create the schema
+kubectl apply -f schema.yaml
+kubectl wait --for=condition=ready --timeout=360s AtlasSchema/atlasschema-postgres
+
+# Inspect the schema to ensure it's correct
+atlas schema inspect -u ${DB_URL}
+cmp stdout schema.hcl
+-- schema.hcl --
+table "users2" {
+ schema = schema.public
+ column "id" {
+ null = false
+ type = integer
+ }
+ primary_key {
+ columns = [column.id]
+ }
+}
+schema "public" {
+ comment = "standard public schema"
+}
+-- schema.yaml --
+apiVersion: db.atlasgo.io/v1alpha1
+kind: AtlasSchema
+metadata:
+ name: atlasschema-postgres
+spec:
+ devURL: docker://postgres/15/dev
+ urlFrom:
+ secretKeyRef:
+ name: postgres-credentials
+ key: url
+ schema:
+ sql: |
+ create table users2 (
+ id int not null,
+ primary key (id)
+ );
+-- database.yaml --
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+spec:
+ selector:
+ app: postgres
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: postgres
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres
+spec:
+ selector:
+ matchLabels:
+ app: postgres
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 999
+ containers:
+ - name: postgres
+ image: postgres:15.4
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ env:
+ - name: POSTGRES_PASSWORD
+ value: pass
+ - name: POSTGRES_USER
+ value: root
+ ports:
+ - containerPort: 5432
+ name: postgres
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ timeoutSeconds: 1
+ exec:
+ command: [ "pg_isready" ]
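Review bot: The script never states that it depends on the operator being deployed with the `config/dind` overlay. Without the sidecar, `devURL: docker://postgres/15/dev` presumably cannot be served and the test would only time out after 360s on `kubectl wait`. A first-line comment such as `# Requires the operator deployed with config/dind (dind sidecar) for the docker:// devURL` would make that failure easy to diagnose. In `database.yaml`, `drop: - all` is lowercase; the Pod Security `restricted` check expects `ALL`, so `- ALL` is the safer spelling if these fixtures ever run under that policy.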