add terraform deployment

README.md

@@ -52,7 +52,8 @@ Starlight is compatible with Kubernetes and can replace the default `overlayfs`
 We could use helm to deploy Starlight on a Kubernetes cluster.
 
 - [I am familiar with **K8s** & Helm. **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/helm.md)
-- [I have 2 **Virtual Machines**, but **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/newbie.md)
+- [I have 2 **Virtual Machines**, but **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/2vm.md)
+- [I know **Terraform** and have an **AWS** account](https://github.com/mc256/starlight/blob/master/docs/terraform.md)
 
 ---
 
@@ -62,7 +63,6 @@ You need to:
 1) Set up a **Starlight proxy**, 
 ideally close to the **registry** server you are using. Configure the proxy server to point to the registry and run it.
 Starlight supports any standard registry. (It can be deployed to k8s using ***Helm***)
-<br>[Find out how to install **Starlight proxy** ➡️](https://github.com/mc256/starlight/blob/master/docs/starlight-proxy.md) 
 
 
 2) Set up the worker to be able to run Starlight. 
@@ -71,7 +71,6 @@ installing **containerd** and the **Starlight snapshotter plugin**,
 configuring containerd to use the plugin, 
 and starting the Starlight snapshotter daemon
 (you also need to tell the snapshotter the address of the proxy server).
-<br>[Find out how to install **containerd** & **Starlight snapshotter plugin** ➡️](https://github.com/mc256/starlight/blob/master/docs/starlight-snapshotter.md)
 
 
 3) Convert the container image to the **Starlight format** container image.
@@ -179,8 +178,9 @@ Starlight is not complete. Our roadmap:
 | [v0.1.3](https://github.com/mc256/starlight/tree/v0.1.3) |              |2022-10-12|
 | [v0.2.7](https://github.com/mc256/starlight/tree/v0.2.7) |              |2022-11-27|
 | [v0.3.2](https://github.com/mc256/starlight/tree/v0.3.2) |              |2023-01-27|
-| [v0.4.7](https://github.com/mc256/starlight/tree/v0.4.7) | stable       |2023-06-05|
-| [v0.5.x](https://github.com/mc256/starlight)             | in progress  |  |
+| [v0.4.7](https://github.com/mc256/starlight/tree/v0.4.7) |              |2023-06-05|
+| [v0.5.x](https://github.com/mc256/starlight/tree/v0.5.8) | stable       |2023-11-26|
+| [v0.6.x](https://github.com/mc256/starlight/)            | in progress  |2024|
 
 Feature List:
 - [x] Scalable database backend (v0.2)
@@ -196,9 +196,9 @@ Feature List:
   - [x] Goharbor support (v0.2)
   - [x] Multiple platforms image support (v0.2) 
   - [x] Jointly optimizing multiple containers deployments (v0.4)
-- [ ] Argo CI/CD support (v0.6)
-  - [ ] Hook/ Scanner for automatic image conversion (v0.5)
-  - [ ] Converting containers that have already been fully retrieved using Starlight to use OverlayFS. (v0.5)
-- [ ] Starlight new features (v0.6)
-  - [ ] Resume interrupted pull connection (v0.5)
-  - [ ] Garbage Collection (v0.5)
+- [ ] Argo CI/CD support (v0.7)
+  - [ ] Hook/ Scanner for automatic image conversion (v0.7)
+  - [ ] Converting containers that have already been fully retrieved using Starlight to use OverlayFS. (v0.7)
+- [ ] Starlight new features (v0.7)
+  - [ ] Resume interrupted pull connection (v0.7)
+  - [ ] Garbage Collection (v0.7)

demo/terraform/main.tf

@@ -118,6 +118,40 @@ resource "aws_vpc_security_group_ingress_rule" "ssh_ingress" {
   description = "Allow inbound traffic for Container Registry"
 }
 
+## Internet Gateway
+resource "aws_internet_gateway" "ec2_igw" {
+  vpc_id = aws_vpc.ec2_vpc.id
+
+  tags = merge(
+    var.default_tags,
+    {
+      Name = "${local.project_name}-ec2-igw"
+    },
+  )
+}
+
+## Route Table
+resource "aws_route_table" "ec2_route_table" {
+  vpc_id = aws_vpc.ec2_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.ec2_igw.id
+  }
+
+  tags = merge(
+    var.default_tags,
+    {
+      Name = "${local.project_name}-ec2-route-table"
+    },
+  )
+}
+
+resource "aws_route_table_association" "ec2_route_table_association" {
+  subnet_id      = aws_subnet.ec2_subnet_public.id
+  route_table_id = aws_route_table.ec2_route_table.id
+}
+
 
 ## Key Pair
 resource "aws_key_pair" "deployer" {
@@ -130,7 +164,7 @@ resource "aws_key_pair" "deployer" {
 ## EC2 Host
 resource "aws_instance" "starlight_cloud" {
   ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.instance_type
+  instance_type          = var.cloud_instance_type
   subnet_id              = aws_subnet.ec2_subnet_public.id
   key_name               = var.ssh_public_key == "" ? var.ssh_key_name : aws_key_pair.deployer[0].key_name
   vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
@@ -143,7 +177,7 @@ resource "aws_instance" "starlight_cloud" {
 
   root_block_device {
     volume_type           = "gp3"
-    volume_size           = var.ebs_size_in_gb
+    volume_size           = var.cloud_ebs_size_in_gb
     encrypted             = false
     delete_on_termination = true
   }
@@ -155,13 +189,51 @@ resource "aws_instance" "starlight_cloud" {
       Name = "${local.project_name}-ec2-cloud"
     },
   )
+
+  user_data = <<-EOF
+#!/bin/bash
+echo "cloud" | sudo tee /etc/hostname > /dev/null
+sudo hostname -F /etc/hostname
+echo "10.0.1.21 cloud.cluster.local" | sudo tee -a /etc/hosts > /dev/null
+
+sudo apt update && \
+sudo apt upgrade -y && \
+sudo apt install -y docker-compose git && \
+sudo usermod -aG docker ubuntu && \
+sudo systemctl enable docker && \
+sudo systemctl start docker
+
+cd /home/ubuntu && \
+git clone https://github.com/mc256/starlight.git && \
+cd /home/ubuntu/starlight && \
+git checkout v${var.starlight_version} && \
+cd /home/ubuntu/starlight/demo/compose/ && \
+cp docker-compose-example.yaml docker-compose.yaml && \
+docker-compose up -d
+
+cat <<EOT | sudo tee -a /etc/sysctl.conf > /dev/null
+net.core.wmem_max=125829120
+net.core.rmem_max=125829120
+net.ipv4.tcp_rmem= 10240 87380 125829120
+net.ipv4.tcp_wmem= 10240 87380 125829120
+net.ipv4.tcp_window_scaling = 1
+net.ipv4.tcp_timestamps = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_no_metrics_save = 1
+net.core.netdev_max_backlog = 10000
+EOT
+sudo sysctl -p
+
+touch /home/ubuntu/.completed
+              EOF
+
 }
 
 
 
 resource "aws_instance" "starlight_edge" {
   ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.instance_type
+  instance_type          = var.edge_instance_type
   subnet_id              = aws_subnet.ec2_subnet_public.id
   key_name               = var.ssh_public_key == "" ? var.ssh_key_name : aws_key_pair.deployer[0].key_name
   vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
@@ -174,7 +246,7 @@ resource "aws_instance" "starlight_edge" {
 
   root_block_device {
     volume_type           = "gp3"
-    volume_size           = var.ebs_size_in_gb
+    volume_size           = var.edge_ebs_size_in_gb
     encrypted             = false
     delete_on_termination = true
   }
@@ -186,4 +258,66 @@ resource "aws_instance" "starlight_edge" {
       Name = "${local.project_name}-ec2-edge"
     },
   )
+
+  user_data = <<-EOF
+#!/bin/bash
+echo "edge" | sudo tee /etc/hostname > /dev/null
+sudo hostname -F /etc/hostname
+echo "10.0.1.21 cloud.cluster.local cloud" | sudo tee -a /etc/hosts > /dev/null
+
+sudo apt update && sudo apt upgrade -y && \
+sudo apt install -y build-essential containerd
+
+sudo systemctl enable containerd  && \
+sudo systemctl start containerd
+
+wget https://go.dev/dl/go1.20.8.linux-amd64.tar.gz && \
+sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.8.linux-amd64.tar.gz
+
+echo "export PATH=$PATH:/usr/local/go/bin" | sudo tee -a /home/ubuntu/.bashrc > /dev/null
+
+export PATH=$PATH:/usr/local/go/bin
+export GOPATH=/home/ubuntu/go
+export HOME=/home/
+source /home/ubuntu/.bashrc
+
+
+cat <<EOT | sudo tee -a /etc/sysctl.conf > /dev/null
+net.core.wmem_max=125829120
+net.core.rmem_max=125829120
+net.ipv4.tcp_rmem= 10240 87380 125829120
+net.ipv4.tcp_wmem= 10240 87380 125829120
+net.ipv4.tcp_window_scaling = 1
+net.ipv4.tcp_timestamps = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_no_metrics_save = 1
+net.core.netdev_max_backlog = 10000
+EOT
+sudo sysctl -p
+
+
+cd /home/ubuntu && \
+git clone https://github.com/mc256/starlight.git && \
+cd /home/ubuntu/starlight && \
+git checkout v${var.starlight_version} && \
+make starlight-daemon ctr-starlight && \
+sudo make install install-systemd-service 
+
+sudo systemctl enable starlight-daemon
+sudo systemctl start starlight-daemon
+
+sudo ctr-starlight add myproxy http cloud.cluster.local:8090
+
+sudo mkdir /etc/containerd/ && \
+cat <<EOT | sudo tee -a /etc/containerd/config.toml > /dev/null
+  [proxy_plugins]
+    [proxy_plugins.starlight]
+      type = "snapshot"
+      address = "/run/starlight/starlight-snapshotter.sock"
+EOT
+
+sudo systemctl restart containerd
+
+touch /home/ubuntu/.completed
+              EOF
 }

demo/terraform/outputs.tf

@@ -10,6 +10,12 @@ output "cloud-instance-public-ip" {
   sensitive   = false
 }
 
+output "cloud-instance-private-ip" {
+  description = "The ec2 instance private ip"
+  value       = aws_instance.starlight_cloud.private_ip
+  sensitive   = false
+}
+
 output "edge-instance-id" {
   description = "The ec2 instance id"
   value       = aws_instance.starlight_edge.id
@@ -21,3 +27,10 @@ output "edge-instance-public-ip" {
   value       = aws_instance.starlight_edge.public_ip
   sensitive   = false
 }
+
+output "edge-instance-private-ip" {
+  description = "The ec2 instance private ip"
+  value       = aws_instance.starlight_edge.private_ip
+  sensitive   = false
+}
+

demo/terraform/terraform.tfvars

@@ -4,3 +4,18 @@ ssh_key_name = "starlight-key"
 # please replace with your own public key
 # this is the key for accessing the EC2 instances, if empty, we assume the key above is already created
 ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA08XpxYFsakw1hVCcFYTVvXMF+sxyF9PQ16dF+D1xP3Vr5MGq275FIyKQs0oQxKCCBtUGMIgCVrQ+V3CVu9CsfBTHoJlk1nW0dfJcB3j9kG3+3NRIHZ+FTrIO5hvMWJ+SzXTIDYgdcKLJ/YIboqBI4Rm/rNx7fVIib0K+43RcD4YRbwcMXK1lWkZ2czj+ixKmX5P0EeTLNz2J6XEsLT3V39B4QoXLKJM3TTjlRx2w980UI2lUED+3aW8jeW6Y9v9TUW5ZiZHxFLULQGD4UoivxLHUZCVJbnSaBX5r1yiE2jOvlhCXgaEa/EyYt6gBacMMC/qdIIX6nsts5+K4i/+37Jixd1qyJ5tWcxY9tUQZeiD1kuL0qy/mKtR9ONZLOUFvmWXG7t5i9axVaIyjj+Yb/4PXvEVd3jZ0jC8gcPjkkjOV22CLCCLgwtUHcDTE/OM8/oUem4Tnd/9blBjd47RfuHTdyVsujLwue5hpUo64E3JDSdVee0s1Yso1Wx8ZEfhJgqfAc+E5gSprY2pdFZUwffN52I8+72OfNnsmw1h10LqvN5Xpu+12eARr/LQHY/0E45kJRAcFbAgjUwKmKtdf0UAepb/AwLF37I9UT4uLxs56dvw4z1rJQDGQJdm8GVv0CJ8pzjBsYFYzf43Mp4+lYJ+V7BBMMo5YLa6em/bqi5s= mc256"
+
+# recommended to change to machine with more memory
+#
+# Current setting is tide to AWS free tier limit 750hours of t3.micro (1GB memory).
+cloud_instance_type = "t3.micro"
+edge_instance_type  = "t3.micro"
+
+
+# EBS volume size in GB
+# Cloud will need more space for storing the container image and metadata than the edge.
+# Please adjust the size according to your needs.
+#
+# Current setting is tide to AWS EBS free tier limit 30GB
+cloud_ebs_size_in_gb = 20
+edge_ebs_size_in_gb  = 10

demo/terraform/variables.tf

@@ -16,9 +16,15 @@ variable "ssh_public_key" {
   default     = ""
 }
 
-variable "instance_type" {
+variable "cloud_instance_type" {
   type        = string
-  default     = "t3a.nano"
+  default     = "m5a.large"
+  description = "the instance type to use"
+}
+
+variable "edge_instance_type" {
+  type        = string
+  default     = "t2.micro"
   description = "the instance type to use"
 }
 
@@ -28,7 +34,13 @@ variable "project_id" {
   description = "the project name"
 }
 
-variable "ebs_size_in_gb" {
+variable "cloud_ebs_size_in_gb" {
+  type        = number
+  default     = 20
+  description = "the ebs size in gb"
+}
+
+variable "edge_ebs_size_in_gb" {
   type        = number
   default     = 10
   description = "the ebs size in gb"