commit | 878f5f9e5f9de93b09d354db7d116fd3d558dbfa | |
---|---|---|
author | Lorenz Brun <lorenz@nexantic.com> | Tue May 12 16:15:39 2020 +0200 |
committer | Lorenz Brun <lorenz@nexantic.com> | Tue May 12 16:15:39 2020 +0200 |
tree | 994b67ea5264f7e38bb67e9043a369454eaab75d | |
parent | 9a741a861a4cb5c52b0251a4abf3a2c606b06198 |
Add Kubernetes Worker and infrastructure

Adds Kubernetes Kubelet with patches for syscall-based mounting and syscall-based (and much faster) metrics. fsquota patches have been deferred to a further revision (for robust emptyDir capacity isolation).

Changes encoding of the node ID to hex since Base64-URL is not supported as a character set for K8s names. Also adds `/etc/machine-id` and `/etc/os-release` since Kubernetes wants them. `os-release` is generated by stamping, `machine-id` is the hex-encoded node ID derived from the public key.

Also includes a primitive reconciler which automatically ensures a set of built-in Kubernetes objects are always present. Currently this includes a PSP and some basic RBAC policies that are elementary to proper cluster operations.

Adds an additional gRPC service (NodeDebugService) to cleanly communicate with external debug and test tooling. It supports reading from logbuffers for all externally-run components, checking conditions (for replacing log matching in testing and debugging) and getting debug credentials for the Kubernetes cluster.

A small utility (dbg) is provided that interfaces with NodeDebugService and provides access to its functions from the CLI. It also incorporates a kubectl wrapper which directly grabs credentials from the Debug API and passes them to kubectl (e.g. `bazel run //core/cmd/dbg -- kubectl describe node`).

Test Plan: Manually tested.
Kubernetes: `bazel run //core/cmd/dbg -- kubectl create -f test.yml` Checked that pods run, logs are accessible and exec works.
Reading buffers: `bazel run //core/cmd/dbg -- logs containerd` Outputs containerd logs in the right order.

Automated testing is in the works, but has been deferred to a future revision because this one is already too big again.

X-Origin-Diff: phab/D525
GitOrigin-RevId: 0fbfa0c433de405526c7f09ef10c466896331328
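The commit message gives the reason for hex node IDs only in passing. This added example (not code from this repository) checks both encodings against the DNS-1123 subdomain rule that Kubernetes applies to object names such as Node names, and shows why lowercasing a Base64-URL ID is not a fix: distinct IDs can fold to the same name. The 32-byte sample ID and all function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// DNS-1123 subdomain: lowercase alphanumerics, '-' and '.', at most 253 characters.
var dns1123Subdomain = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// validK8sName reports whether s is acceptable as a Kubernetes object name.
func validK8sName(s string) bool {
	return len(s) <= 253 && dns1123Subdomain.MatchString(s)
}

func b64Name(id []byte) string { return base64.RawURLEncoding.EncodeToString(id) }
func hexName(id []byte) string { return hex.EncodeToString(id) }

// foldCollides reports whether two different IDs become the same name once
// their Base64-URL form is lowercased to satisfy the name rule.
func foldCollides(a, b []byte) bool {
	return !bytes.Equal(a, b) &&
		strings.ToLower(b64Name(a)) == strings.ToLower(b64Name(b))
}

// constructedID returns a fixed sample value (0x00..0x1f) standing in for a
// node ID; the real ID length and derivation are not shown on this page.
func constructedID() []byte {
	id := make([]byte, 32)
	for i := range id {
		id[i] = byte(i)
	}
	return id
}

func main() {
	id := constructedID()
	fmt.Println(b64Name(id), validK8sName(b64Name(id)))
	fmt.Println(hexName(id), validK8sName(hexName(id)))
	// {0,0,0} encodes to "AAAA" and {0x69,0xa6,0x9a} to "aaaa".
	fmt.Println(foldCollides([]byte{0, 0, 0}, []byte{0x69, 0xa6, 0x9a}))
}
```
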
This is the monorepo storing all of nexantic's internal projects and libraries.
We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.
For better reproducibility, all builds are executed in containers.
Spinning up: scripts/create_container.sh
Spinning down: scripts/destroy_container.sh
Running commands: scripts/run_in_container.sh <...>
Running Bazel through the wrapper script: scripts/bin/bazel <...>
(add scripts/bin to your local $PATH for convenience)
This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.
We check the entire .ijwb project directory into the repository, which requires everyone to use the latest version of both IntelliJ and the Bazel plugin, but eliminates manual setup steps.
The following steps are necessary:
1. Install Google's official Bazel plugin in IntelliJ.
2. Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:
   -Dbazel.bep.path=/home/leopold/.cache/bazel-nxt
3. Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.
4. Open the .ijwb folder as IntelliJ project.
5. Disable Vgo support for the project.
6. Run a non-incremental sync in IntelliJ.
The plugin will automatically resolve paths for generated files.
If you do not use IntelliJ, you need to use the scripts/bazel_copy_generated_for_ide.sh script to copy files locally.