Merge pull request #83 from RobotSail/RobotSail/issue81

Implement Private Networking

Author: RobotSail

.github/workflows/validate-ipfs.yaml

@@ -81,7 +81,13 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v2
-
+    - name: Test commands
+      shell: bash
+      run: |
+          # display path
+          echo "${PATH}"
+          # display where awk is
+          echo $(whereis awk)
     - name: Install the Kubectl binary
       run: |
         curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

.gitignore

@@ -36,3 +36,5 @@ vendor/*
 
 # use this directory for files during development that shouldn't be pushed
 temp/*
+
+report.json

Dockerfile

@@ -1,6 +1,10 @@
 # Build the manager binary
 FROM golang:1.18 as builder
 
+# these are reasonable defaults which accommodate 90% of cases
+ARG arch=amd64
+ARG platform=linux
+
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
@@ -15,7 +19,7 @@ COPY api/ api/
 COPY controllers/ controllers/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=${platform} GOARCH=${arch} go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -1,5 +1,5 @@
 # set binary versions
-GOLANGCI_VERSION := v1.46.1
+GOLANGCI_VERSION := v1.51.1
 HELM_VERSION := v3.8.2
 KUTTL_VERSION := 0.15.0
 GINKGO_VERSION := v2.7.0
@@ -105,6 +105,7 @@ help: ## Display this help.
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	cp config/crd/bases/* helm/ipfs-operator/crds
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -157,6 +158,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 .PHONY: docker-build
+# docker build -t ${IMG} . --build-arg arch=$(ARCH) --build-arg platform=$(OS)
 docker-build: ## Build docker image with the manager.
 	docker build -t ${IMG} .
 
@@ -320,6 +322,17 @@ chmod a+x "$(1)" ;\
 }
 endef
 
+# download-tool will curl any file $2 and install it to $1, using $3 as an output directory.
+define download-helm
+@[ -f $(1) ] || { \
+set -e ;\
+echo "📥 Downloading $(2)" ;\
+curl -sSLo "$(1).tar.gz" "$(2)" ;\
+tar -zxvf "$(1).tar.gz" -C "$(3)" ;\
+mv "$(3)/linux-amd64/helm" "$(1)" ;\
+}
+endef
+
 .PHONY: kuttl
 KUTTL := $(LOCALBIN)/kuttl
 KUTTL_URL := https://github.com/kudobuilder/kuttl/releases/download/v$(KUTTL_VERSION)/kubectl-kuttl_$(KUTTL_VERSION)_$(OS)_$(SYS_ARCH)
@@ -347,7 +360,7 @@ HELM := $(LOCALBIN)/helm
 HELM_URL := https://get.helm.sh/helm-$(HELM_VERSION)-$(OS)-$(ARCH).tar.gz
 helm: $(HELM) ## Install helm
 $(HELM): $(LOCALBIN)
-	$(call download-tool,$(HELM),$(HELM_URL))
+	$(call download-helm,$(HELM),$(HELM_URL),$(LOCALBIN))
 
 
 .PHONY: golangci-lint
@@ -357,4 +370,4 @@ golangci-lint: $(GOLANGCILINT) ## Download golangci-lint
 $(GOLANGCILINT): $(LOCALBIN)
 	@ echo "📥 Downloading helm"
 	curl -sSfL $(GOLANGCI_URL) | sh -s -- -b $(LOCALBIN) $(GOLANGCI_VERSION)
-	@ echo "✅ Done"
+	@ echo "✅ Done"

README.md

@@ -30,3 +30,20 @@ Once the values match your environment run the following.
 ```bash
 kubectl create -n default -f ifps.yaml
 ```
+
+### Running in KIND
+
+An easy way to test and modify changes to the operator is by running it in a local KIND cluster.
+To bootstrap a KIND cluster, you can run `hack/setup-kind-cluster.sh`, which will install all of the 
+required components to operate an IPFS cluster. 
+
+To deploy the operator in this repository into the cluster, you can run `hack/run-in-kind.sh` which
+will build the source code and inject it into the cluster.
+If you make subsequent changes, you will need to re-run `hack/run-in-kind.sh` and kill the previous
+operator manager by running `kubectl delete pod -A -n ipfs-operator-system` in order to redploy the updated image. 
+
+### Testing Local Changes
+
+If you're developing the operator and would like to test your changes locally, you can do this by
+running the kuttl end-to-end tests with `make test-e2e` after redploying the operator.
+

api/v1alpha1/circuitrelay_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"github.com/libp2p/go-libp2p-core/peer"
+	"github.com/libp2p/go-libp2p/core/peer"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	ma "github.com/multiformats/go-multiaddr"
@@ -70,7 +70,17 @@ func (a *AddrInfoBasicType) DeepCopy() *AddrInfoBasicType {
 	return out
 }
 
+// KeyRef Defines a reference to a specific key on a certain secret.
+type KeyRef struct {
+	KeyName    string `json:"keyName"`
+	SecretName string `json:"secretName"`
+}
+
+// CircuitRelaySpec Defines a specification for the RelayCircuit launched by Kubernetes.
 type CircuitRelaySpec struct {
+	// SwarmKeyRef points to a multicodec-encoded v1 PSK stored within a secret somewhere.
+	// +optional
+	SwarmKeyRef *KeyRef `json:"swarmKeyRef,omitempty"`
 }
 
 type CircuitRelayStatus struct {

api/v1alpha1/ipfscluster_types.go

@@ -60,9 +60,14 @@ type followParams struct {
 	Template string `json:"template"`
 }
 
-// networkConfig defines the configuration structure used for networking.
-type networkConfig struct {
+// NetworkConfig defines the configuration structure used for networking.
+type NetworkConfig struct {
+	// circuitRelays defines how many CircuitRelays should be created.
 	CircuitRelays int32 `json:"circuitRelays"`
+	// public is a switch which defines whether this IPFSCluster will use
+	// the global IPFS network or create its own.
+	// +kubebuilder:default:=true
+	Public bool `json:"public,omitempty"`
 }
 
 // IpfsClusterSpec defines the desired state of the IpfsCluster.
@@ -74,9 +79,10 @@ type IpfsClusterSpec struct {
 	// replicas sets the number of replicas of IPFS Cluster nodes we should be running.
 	Replicas int32 `json:"replicas"`
 	// networking defines network configuration settings.
-	Networking networkConfig `json:"networking"`
+	Networking NetworkConfig `json:"networking"`
 	// follows defines the list of other IPFS Clusters this one should follow.
-	Follows []followParams `json:"follows"`
+	// +optional
+	Follows []*followParams `json:"follows,omitempty"`
 	// ipfsResources specifies the resource requirements for each IPFS container. If this
 	// value is omitted, then the operator will automatically determine these settings
 	// based on the storage sizes used.

api/v1alpha1/zz_generated.deepcopy.go

@@ -32,6 +32,21 @@ spec:
           metadata:
             type: object
           spec:
+            description: CircuitRelaySpec Defines a specification for the RelayCircuit
+              launched by Kubernetes.
+            properties:
+              swarmKeyRef:
+                description: SwarmKeyRef points to a multicodec-encoded v1 PSK stored
+                  within a secret somewhere.
+                properties:
+                  keyName:
+                    type: string
+                  secretName:
+                    type: string
+                required:
+                - keyName
+                - secretName
+                type: object
             type: object
           status:
             properties:

bundle/manifests/cluster.ipfs.io_circuitrelays.yaml

@@ -97,8 +97,15 @@ spec:
                 description: networking defines network configuration settings.
                 properties:
                   circuitRelays:
+                    description: circuitRelays defines how many CircuitRelays should
+                      be created.
                     format: int32
                     type: integer
+                  public:
+                    default: true
+                    description: public is a switch which defines whether this IPFSCluster
+                      will use the global IPFS network or create its own.
+                    type: boolean
                 required:
                 - circuitRelays
                 type: object
@@ -126,7 +133,6 @@ spec:
                 type: object
             required:
             - clusterStorage
-            - follows
             - ipfsStorage
             - networking
             - replicas

bundle/manifests/cluster.ipfs.io_ipfsclusters.yaml

@@ -33,6 +33,21 @@ spec:
           metadata:
             type: object
           spec:
+            description: CircuitRelaySpec Defines a specification for the RelayCircuit
+              launched by Kubernetes.
+            properties:
+              swarmKeyRef:
+                description: SwarmKeyRef points to a multicodec-encoded v1 PSK stored
+                  within a secret somewhere.
+                properties:
+                  keyName:
+                    type: string
+                  secretName:
+                    type: string
+                required:
+                - keyName
+                - secretName
+                type: object
             type: object
           status:
             properties:

bundle/manifests/ipfs-operator.clusterserviceversion.yaml

@@ -98,8 +98,15 @@ spec:
                 description: networking defines network configuration settings.
                 properties:
                   circuitRelays:
+                    description: circuitRelays defines how many CircuitRelays should
+                      be created.
                     format: int32
                     type: integer
+                  public:
+                    default: true
+                    description: public is a switch which defines whether this IPFSCluster
+                      will use the global IPFS network or create its own.
+                    type: boolean
                 required:
                 - circuitRelays
                 type: object
@@ -127,7 +134,6 @@ spec:
                 type: object
             required:
             - clusterStorage
-            - follows
             - ipfsStorage
             - networking
             - replicas