From 820a95ecf8efdd0c49527156ae88d9919daeba4c Mon Sep 17 00:00:00 2001
From: xiadanni <xiadanni1@huawei.com>
Date: Mon, 22 Nov 2021 11:18:52 +0800
Subject: [PATCH] rubik: add Dockerfile and yaml for rubik running

Signed-off-by: xiadanni <xiadanni1@huawei.com>
---
 Dockerfile                     |  3 ++
 Makefile                       | 27 +++++++++++
 hack/cluster-role-binding.yaml | 21 +++++++++
 hack/rubik-daemonset.yaml      | 84 ++++++++++++++++++++++++++++++++++
 rubik.go                       |  1 +
 5 files changed, 136 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 hack/cluster-role-binding.yaml
 create mode 100644 hack/rubik-daemonset.yaml

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..51f0e4c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+COPY ./rubik /rubik
+ENTRYPOINT ["/rubik"]
diff --git a/Makefile b/Makefile
index 8b984b3..22ea08c 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,7 @@
 
 CWD=$(realpath .)
 TMP_DIR := /tmp/rubik_tmpdir
+INSTALL_DIR := /var/lib/rubik
 VERSION_FILE := ./VERSION
 TEST_FILE := ./TEST
 VERSION := $(shell cat $(VERSION_FILE) | awk -F"-" '{print $$1}')
@@ -42,12 +43,31 @@ GO_BUILD=CGO_ENABLED=1 \
 
 all: release
 
+help:
+	@echo "Usage:"
+	@echo
+	@echo "make                          # build rubik for debug"
+	@echo "make release                  # build rubik for release, open security build option"
+	@echo "make image                    # container image build"
+	@echo "make check                    # static check for latest commit"
+	@echo "make checkall                 # static check for whole project"
+	@echo "make tests                    # run all testcases within project"
+	@echo "make test-unit                # only run unit test for project"
+	@echo "make cover                    # generate cover report"
+	@echo
+
 dev:
 	$(GO_BUILD) $(DEBUG_FLAGS) -o rubik $(LD_FLAGS) rubik.go
 
 release:
 	rm -rf $(TMP_DIR) && mkdir -p $(ORG_PATH) $(TMP_DIR)
 	$(GO_BUILD) -o rubik $(LD_FLAGS) rubik.go 2>/dev/null
+	@if [ -f ./hack/rubik-daemonset.yaml ]; then sed -i 's/rubik_image_name_and_tag/rubik:$(VERSION)-$(RELEASE)/g' ./hack/rubik-daemonset.yaml; fi;
+
+safe: release
+
+image: release
+	docker build -f Dockerfile -t rubik:$(VERSION)-$(RELEASE) .
 
 check:
 	@echo "Static check start for last commit"
@@ -71,3 +91,10 @@ cover:
 	go test -p 1 -v ./... -coverprofile=cover.out
 	go tool cover -html=cover.out -o cover.html
 	python3 -m http.server 8080
+
+install:
+	install -d -m 0750 $(INSTALL_DIR)
+	install -Dp -m 0550 ./rubik $(INSTALL_DIR)
+	install -Dp -m 0640 ./hack/rubik-daemonset.yaml $(INSTALL_DIR)
+	install -Dp -m 0640 ./hack/cluster-role-binding.yaml $(INSTALL_DIR)
+	install -Dp -m 0640 ./Dockerfile $(INSTALL_DIR)
diff --git a/hack/cluster-role-binding.yaml b/hack/cluster-role-binding.yaml
new file mode 100644
index 0000000..c1e020b
--- /dev/null
+++ b/hack/cluster-role-binding.yaml
@@ -0,0 +1,21 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rubik
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rubik
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rubik
+subjects:
+  - kind: ServiceAccount
+    name: rubik
+    namespace: kube-system
diff --git a/hack/rubik-daemonset.yaml b/hack/rubik-daemonset.yaml
new file mode 100644
index 0000000..388a957
--- /dev/null
+++ b/hack/rubik-daemonset.yaml
@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rubik
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rubik-config
+  namespace: kube-system
+data:
+  config.json: |
+    {
+        "autoCheck": false,
+        "logDriver": "stdio",
+        "logDir": "/var/log/rubik",
+        "logSize": 1024,
+        "logLevel": "info",
+        "cgroupRoot": "/sys/fs/cgroup"
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: rubik-agent
+  namespace: kube-system
+  labels:
+    k8s-app: rubik-agent
+spec:
+  selector:
+    matchLabels:
+      name: rubik-agent
+  template:
+    metadata:
+      namespace: kube-system
+      labels:
+        name: rubik-agent
+    spec:
+      serviceAccountName: rubik
+      containers:
+      - name: rubik-agent
+        image: rubik_image_name_and_tag
+        imagePullPolicy: IfNotPresent
+        env:
+          - name: RUBIK_NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: rubiklog
+          mountPath: /var/log/rubik
+          readOnly: false
+        - name: runrubik
+          mountPath: /run/rubik
+          readOnly: false
+        - name: sysfscgroups
+          mountPath: /sys/fs/cgroup
+          readOnly: false
+        - name: config-volume
+          mountPath: /var/lib/rubik
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: rubiklog
+        hostPath:
+          path: /var/log/rubik
+      - name: runrubik
+        hostPath:
+          path: /run/rubik
+      - name: sysfscgroups
+        hostPath:
+          path: /sys/fs/cgroup
+      - name: config-volume
+        configMap:
+          name: rubik-config
+          items:
+          - key: config.json
+            path: config.json
diff --git a/rubik.go b/rubik.go
index 8fc7369..ae47c1d 100644
--- a/rubik.go
+++ b/rubik.go
@@ -18,6 +18,7 @@ import (
 
 	"isula.org/rubik/pkg/constant"
 	"isula.org/rubik/pkg/rubik"
+	_ "isula.org/rubik/pkg/version"
 )
 
 func main() {
-- 
Gitee