Skip to content
This repository was archived by the owner on Jan 22, 2026. It is now read-only.

Qemu exporter demo env #7

Closed
NickCao wants to merge 22 commits into from
Closed

Qemu exporter demo env #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
78973f7
Create qemu exporters
NickCao Mar 10, 2025
fcde776
tmate
NickCao Mar 24, 2025
d8bfe78
fixup
NickCao Mar 24, 2025
bbbccee
Pass ca to container with configmap
NickCao Mar 24, 2025
ea39cd4
Revert "tmate"
NickCao Mar 24, 2025
8a65d8c
Watch entire statefulset
NickCao Mar 24, 2025
bd8aa5b
Use qemu driver
NickCao Mar 26, 2025
7dbc0e8
Get rid of dex
NickCao Mar 26, 2025
153a5df
Get rid of custom kind config
NickCao Mar 26, 2025
04717bf
Automatically create exporter
NickCao Mar 26, 2025
0b8c8ae
Auto provision exporter
NickCao Mar 26, 2025
c9e8591
Auto namespace
NickCao Mar 26, 2025
afdd621
Automatic provision
NickCao Mar 26, 2025
a14b957
Read endpoint from crd
NickCao Mar 26, 2025
99f2f0f
fixup! Read endpoint from crd
NickCao Mar 26, 2025
20798ac
fixup! fixup! Read endpoint from crd
NickCao Mar 26, 2025
fa0241d
fixup! fixup! fixup! Read endpoint from crd
NickCao Mar 26, 2025
f866fed
Add FIXME
NickCao Mar 26, 2025
71ed2b9
Set labels
NickCao Mar 26, 2025
71e6cd5
fixup! Add FIXME
NickCao Mar 26, 2025
271c11e
fixup! Set labels
NickCao Mar 26, 2025
247b488
Set claimMappings
NickCao Mar 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/selftest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,5 @@ jobs:
path: e2e
- uses: ./e2e
with:
controller-ref: main
controller-ref: oidc-ca
jumpstarter-ref: main
129 changes: 2 additions & 127 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,36 +30,12 @@ runs:
- name: Deploy dex
shell: bash
run: |
go run github.com/cloudflare/cfssl/cmd/cfssl@latest gencert -initca "$GITHUB_ACTION_PATH"/ca-csr.json | \
go run github.com/cloudflare/cfssl/cmd/cfssljson@latest -bare ca -
go run github.com/cloudflare/cfssl/cmd/cfssl@latest gencert -ca=ca.pem -ca-key=ca-key.pem \
-config="$GITHUB_ACTION_PATH"/ca-config.json -profile=www "$GITHUB_ACTION_PATH"/dex-csr.json | \
go run github.com/cloudflare/cfssl/cmd/cfssljson@latest -bare server

cp "$GITHUB_ACTION_PATH"/kind_cluster.yaml ./controller/hack/kind_cluster.yaml
make -C controller cluster

kubectl create namespace dex
kubectl -n dex create secret tls dex-tls \
--cert=server.pem \
--key=server-key.pem

go run github.com/mikefarah/yq/v4@latest -i \
'.jumpstarter-controller.config.authentication.jwt[0].issuer.certificateAuthority = load_str("ca.pem")' \
"$GITHUB_ACTION_PATH"/values.kind.yaml

# important!
kubectl create clusterrolebinding oidc-reviewer \
--clusterrole=system:service-account-issuer-discovery \
--group=system:unauthenticated

helm repo add dex https://charts.dexidp.io
helm install --namespace dex --wait -f "$GITHUB_ACTION_PATH"/dex.values.yaml dex dex/dex

sudo cp ca.pem /usr/local/share/ca-certificates/dex.crt
sudo update-ca-certificates

echo "127.0.0.1 dex.dex.svc.cluster.local" | sudo tee -a /etc/hosts
- name: Deploy jumpstarter controller
shell: bash
run: |
Expand All @@ -77,107 +53,6 @@ runs:
- name: Run jumpstarter
shell: bash
run: |
ENDPOINT=$(helm get values jumpstarter --output json | jq -r '."jumpstarter-controller".grpc.endpoint')

sudo mkdir -p /etc/jumpstarter/exporters
sudo chown $USER /etc/jumpstarter/exporters

. .venv/bin/activate

export JUMPSTARTER_GRPC_INSECURE=1

kubectl create -n default sa test-client-sa
kubectl create -n default sa test-exporter-sa

jmp admin create client test-client-oidc --unsafe --out /dev/null \
--oidc-username dex:test-client-oidc
jmp admin create client test-client-sa --unsafe --out /dev/null \
--oidc-username dex:system:serviceaccount:default:test-client-sa
jmp admin create client test-client-legacy --unsafe --save

jmp admin create exporter test-exporter-oidc --out /dev/null \
--oidc-username dex:test-exporter-oidc \
--label example.com/board oidc
jmp admin create exporter test-exporter-sa --out /dev/null \
--oidc-username dex:system:serviceaccount:default:test-exporter-sa \
--label example.com/board sa
jmp admin create exporter test-exporter-legacy --save \
--label example.com/board legacy

jmp config client list
jmp config exporter list

jmp login --client test-client-oidc \
--endpoint "$ENDPOINT" --namespace default --name test-client-oidc \
--issuer https://dex.dex.svc.cluster.local:5556 \
--username test-client-oidc@example.com --password password --unsafe

jmp login --client test-client-sa \
--endpoint "$ENDPOINT" --namespace default --name test-client-sa \
--issuer https://dex.dex.svc.cluster.local:5556 \
--connector-id kubernetes \
--token $(kubectl create -n default token test-client-sa) --unsafe

jmp login --exporter test-exporter-oidc \
--endpoint "$ENDPOINT" --namespace default --name test-exporter-oidc \
--issuer https://dex.dex.svc.cluster.local:5556 \
--username test-exporter-oidc@example.com --password password

jmp login --exporter test-exporter-sa \
--endpoint "$ENDPOINT" --namespace default --name test-exporter-sa \
--issuer https://dex.dex.svc.cluster.local:5556 \
--connector-id kubernetes \
--token $(kubectl create -n default token test-exporter-sa)

go run github.com/mikefarah/yq/v4@latest -i ". * load(\"$GITHUB_ACTION_PATH/exporter.yaml\")" \
/etc/jumpstarter/exporters/test-exporter-oidc.yaml
go run github.com/mikefarah/yq/v4@latest -i ". * load(\"$GITHUB_ACTION_PATH/exporter.yaml\")" \
/etc/jumpstarter/exporters/test-exporter-sa.yaml
go run github.com/mikefarah/yq/v4@latest -i ". * load(\"$GITHUB_ACTION_PATH/exporter.yaml\")" \
/etc/jumpstarter/exporters/test-exporter-legacy.yaml

jmp config client list
jmp config exporter list

jmp run --exporter test-exporter-oidc &
jmp run --exporter test-exporter-sa &
jmp run --exporter test-exporter-legacy &

kubectl -n default wait --for=condition=Online exporters.jumpstarter.dev/test-exporter-oidc
kubectl -n default wait --for=condition=Online exporters.jumpstarter.dev/test-exporter-sa
kubectl -n default wait --for=condition=Online exporters.jumpstarter.dev/test-exporter-legacy

jmp config client use test-client-oidc

jmp create lease --selector example.com/board=oidc --duration 1d
jmp get leases
jmp get exporters
jmp delete leases --all

jmp admin get client
jmp admin get exporter
jmp admin get lease

jmp run --exporter test-exporter-oidc &
kubectl -n default wait --for=condition=Online exporters.jumpstarter.dev/test-exporter-oidc

jmp shell --client test-client-oidc --selector example.com/board=oidc <<EOF
j power on
EOF

jmp shell --client test-client-sa --selector example.com/board=sa <<EOF
j power on
EOF

jmp shell --client test-client-legacy --selector example.com/board=legacy <<EOF
j power on
EOF

kubectl -n default get secret test-client-oidc-client
kubectl -n default get secret test-exporter-oidc-exporter

jmp admin delete client test-client-oidc -d
jmp admin delete exporter test-exporter-oidc -d
kubectl -n default apply -f "$GITHUB_ACTION_PATH"/qemu-exporter-statefulset.yaml

! kubectl -n default get secret test-client-oidc-client
! kubectl -n default get secret test-exporter-oidc-exporter
kubectl -n default rollout status --watch statefulset qemu-exporter --timeout 600s
26 changes: 0 additions & 26 deletions ca-config.json
View file
Open in desktop

This file was deleted.

19 changes: 0 additions & 19 deletions ca-csr.json
View file
Open in desktop

This file was deleted.

18 changes: 0 additions & 18 deletions dex-csr.json
View file
Open in desktop

This file was deleted.

55 changes: 0 additions & 55 deletions dex.values.yaml
View file
Open in desktop

This file was deleted.

37 changes: 0 additions & 37 deletions kind_cluster.yaml
View file
Open in desktop

This file was deleted.

Loading
Loading