airshipctl/krm-functions/toolbox
Andrii Ostapenko 64b5401aa2
Pass GOPROXY to image build from environment and job
Change-Id: I9f9ce1853aeee0f832c458587fdc8fb9de5566ed
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-06-09 18:51:08 -05:00
..
certs Fix for Templater latest image 2021-04-28 13:04:19 +00:00
image Add toolbox krm function 2021-03-31 13:28:16 +00:00
Dockerfile Pass GOPROXY to image build from environment and job 2021-06-09 18:51:08 -05:00
main_test.go Add filtering by label to Toolbox container 2021-05-06 21:23:40 +00:00
main.go Redirect all stdout of the toolbox containers to stderr 2021-05-20 17:48:51 +00:00
README.md Externalize KRM function versions 2021-05-26 20:18:49 +00:00

Toolbox

This is KRM function written in go and uses the kyaml library for executing binaries inside container. It helps to run scripts in container as a airshipctl phase. The toolbox image has pre-installed sh shell,kubectl and calicoctl.

How to run your script as airshipctl phase

NOTE: All file paths in the following steps depend on the site you are working with and differ depending on the environment.

  1. Create a phase document (kind: Phase)

     apiVersion: airshipit.org/v1alpha1
     kind: Phase
     metadata:
       name: kubectl-wait-node-ephemeral
       clusterName: ephemeral-cluster
     config:
       executorRef:
         apiVersion: airshipit.org/v1alpha1
         kind: GenericContainer
         name: kubectl-get-node
    
  2. Create executor document (kind: GenericContainer). The executor use configRef to reference ConfigMap that will be generated using configMapGenerator. configRef must reference a Kubernetes ConfigMap with data key script with the script you want to execute. You can use kustomize configMapGenerator to create ConfigMaps (see example).

     apiVersion: airshipit.org/v1alpha1
     kind: GenericContainer
     metadata:
       name: kubectl-get-node
       labels:
         airshipit.org/deploy-k8s: "false"
     spec:
       type: krm
       image: localhost/toolbox
       hostNetwork: true
       envVars
         MY_ENV # airshipctl will populate this value from your current env, you can pass credentials like this
         MY_ENV_TWO="my-value"
     configRef:
       kind: ConfigMap
       name: kubectl-get-node
       apiVersion: v1
    
  3. Add your script as a ConfigMap. Scripts inside container have access to site kubeconfig in ${KUBECONFIG} and to context of the cluster in ${KCTL_CONTEXT} environment variables.

     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: kubectl-get-node
     data:
       script: |
         #!/bin/sh
         calicoctl apply --context ${KTCL_CONTEXT} -f $RENDERED_BUNDLE_PATH
         kubectl apply --context ${KTCL_CONTEXT} -f $RENDERED_BUNDLE_PATH
    
    1. add kustomize resources
    2. include them into PhaseConfigBundle
  4. Make sure it is added to the bundle:

    1. airshipctl phase render --source config -k ConfigMap find your configmap in the output
    2. airshipctl phase render --source config -k Phase find your phase in output
    3. airshipctl phase render --source config -k GenericContainer find your executor in output
  1. Run your phase: airshipctl phase run kubectl-wait-node-ephemeral

Input bundle usage

The KRM function writes to filesystem input bundle specified in documentEntryPoint in phase declaration and imports the path to this bundle in RENDERED_BUNDLE_PATH environment variable. For example it can be used with calicoctl as calicoctl apply -f $RENDERED_BUNDLE_PATH Documents can be filtered by group, version and kind. You need to set RESOURCE_GROUP_FILTER, RESOURCE_VERSION_FILTER and/orRESOURCE_KIND_FILTER in executor definition to enable filtering.

Important notes

  1. The script must write to STDOUT valid yaml or redirect output to STDERR otherwise phase will fail with mapping values are not allowed in this context
  2. All shell scripts must begin with set -xe. This allows errors to be passed from the container to the airshipctl itself. Without this flags the container will never fail.