Fixes for prod k8s

Dockerfile

@@ -2,7 +2,14 @@ FROM ubuntu:22.04
 
 RUN apt update && \
       apt install -y --no-install-recommends --no-install-suggests \
-      netcat-traditional ca-certificates curl gnupg git podman fuse-overlayfs iproute2
+      netcat-traditional ca-certificates curl gnupg git fuse-overlayfs iproute2 podman iptables
+
+# Podman
+#WORKDIR /tmp
+#RUN curl -LO https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-amd64.tar.gz && \
+#    tar zxvf podman-linux-amd64.tar.gz && \
+#    cp -r podman-linux-amd64/usr podman-linux-amd64/etc / && \
+#    rm -rf podman-linux-amd64
 
 # Node
 ARG NODE_MAJOR=20
@@ -27,13 +34,10 @@ RUN npm config set @cerc-io:registry https://git.vdb.to/api/packages/cerc-io/npm
 
 # symlink podman to docker
 RUN ln -s $(which podman) $(dirname `which podman`)/docker
+#RUN ln -s /usr/local/bin/podman /usr/bin/podman && \
+#      ln -s /usr/local/bin/podman /usr/bin/docker
 
-RUN mkdir -p /srv/containers/podman && \
+RUN mkdir -p /srv && mkdir -p /app
-      mkdir -p /srv/containers/logs
-
-COPY storage.conf /etc/containers
-
-RUN mkdir -p /app
 
 COPY . /app/
 WORKDIR /app/

docker-compose.yml

@@ -1,16 +1,13 @@
-
 services:
-  server:
+  cerc-webapp-deployer:
     image: cerc/webapp-deployer-backend:local
     restart: always
     volumes:
-      - containers:/srv/containers/podman
+      - srv:/srv
-      - logs:/srv/logs
       - config:/etc/config:ro
     ports:
       - 9555
 
 volumes:
   config:
-  containers:
+  srv:
-  logs:

run.sh

@@ -1,5 +1,15 @@
 #!/bin/bash
 
+function is_privileged {
+  ip link add dummy0 type dummy >/dev/null
+  if [[ $? -eq 0 ]]; then
+    echo "true"
+    ip link delete dummy0 >/dev/null
+  else
+    echo "false"
+  fi
+}
+
 if [ -z "$DEPLOYMENT_DNS_SUFFIX" ]; then
   echo "DEPLOYMENT_DNS_SUFFIX is required."
   exit 2
@@ -25,61 +35,79 @@ if [ ! -f "/etc/config/kube.yml" ]; then
   exit 2
 fi
 
-if [ ! -z "$IMAGE_REGISTRY_CREDS" ]; then
+STORAGE_ROOT="${STORAGE_ROOT:-/srv}"
-  docker login --password "$IMAGE_REGISTRY_CREDS" --username ${IMAGE_REGISTRY_USER:-ANY} $IMAGE_REGISTRY
+DEPLOYMENTS_DIR="${DEPLOYMENTS_DIR:-$STORAGE_ROOT/deployments}"
+LOG_DIR="${LOG_DIR:-$STORAGE_ROOT/logs}"
+CONTAINERS_DIR="${CONTAINER_DIR:-$STORAGE_ROOT/containers}"
+
+if [[ ! -d "${DEPLOYMENTS_DIR}" ]]; then
+  mkdir -p "${DEPLOYMENTS_DIR}"
 fi
 
-function is_privileged {
+LOG_OPTS=""
-  ip link add dummy0 type dummy >/dev/null
+if [[ -n "${LOG_DIR}" ]]; then
-  if [[ $? -eq 0 ]]; then
+  if [[ ! -d "${LOG_DIR}" ]]; then
-    echo "true"
+    mkdir -p "${LOG_DIR}"
-    ip link delete dummy0 >/dev/null
-  else
-    echo "false"
   fi
-}
+  LOG_OPTS="--log-dir $LOG_DIR"
-
-if [[ "true" == "`is_privileged`" ]]; then
-  echo "Using 'overlay' storage driver."
-else
-  echo "Using 'vfs' storage driver."
-  sed -i 's/"overlay"/"vfs"/g' /etc/containers/storage.conf
 fi
 
-if [ ! -d "/srv/deployments/webapps" ]; then
+if [[ ! -d "${CONTAINERS_DIR}" ]]; then
-  mkdir -p /srv/deployments/webapps
+  mkdir -p "${CONTAINERS_DIR}"
 fi
 
-if [ "$CLEAN_STATE" == "true" ]; then
+if [[ "$CLEAN_DEPLOYMENTS" == "true" ]]; then
-  echo "Removing existing state..."
+  echo "Cleaning deployments directory..."
-  rm -f /srv/deployments//webapps/*.state
+  rm -rf ${DEPLOYMENTS_DIR}/*
+fi
+
+if [[ "$CLEAN_CONTAINERS" == "true" ]]; then
+  echo "Cleaning containers directory..."
+  rm -rf ${CONTAINERS_DIR}/*
+fi
+
+if [[ "$CLEAN_LOGS" == "true" ]] && [[ -n "$LOG_DIR" ]]; then
+  echo "Cleaning logs directory..."
+  rm -rf ${LOG_DIR}/*
+fi
+
+STORAGE_DRIVER="${STORAGE_DRIVER}"
+if [[ -z "${STORAGE_DRIVER}" ]]; then
+  if [[ "true" == "`is_privileged`" ]]; then
+    STORAGE_DRIVER="overlay"
+  else
+    STORAGE_DRIVER="vfs"
+  fi
+fi
+echo "Using '$STORAGE_DRIVER' storage driver."
+
+cat > /etc/containers/storage.conf <<EOF
+[storage]
+driver = "${STORAGE_DRIVER}"
+runroot = "${CONTAINERS_DIR}/podman/run"
+graphroot = "${CONTAINERS_DIR}/podman/storage"
+[storage.options.overlay]
+mount_program = "/usr/bin/fuse-overlayfs"
+EOF
+
+if [[ -n "$IMAGE_REGISTRY_CREDS" ]]; then
+  podman login --password "$IMAGE_REGISTRY_CREDS" --username ${IMAGE_REGISTRY_USER:-ANY} $IMAGE_REGISTRY
 fi
 
 echo "Starting API"
 cd /app/
 yarn start &
 
-LOG_OPTS=""
-LOG_DIR="${LOG_DIR}"
-
-if [[ -z "$LOG_DIR" ]] && [[ -d "/srv/containers/logs" ]]; then
-  LOG_DIR=/srv/containers/logs
-fi
-
-if [[ -n "$LOG_DIR" ]]; then
-  LOG_OPTS="$LOG_OPTS --log-dir \"$LOG_DIR\""
-fi
-
 while true; do
   echo "=============================================================="
 
   echo "########### UNDEPLOY ############"
   laconic-so undeploy-webapp-from-registry \
     --laconic-config /etc/config/laconic.yml \
-    --deployment-parent-dir /srv/deployments/webapps \
+    --deployment-parent-dir "${DEPLOYMENTS_DIR}" \
     --delete-names \
     --delete-volumes \
-    --state-file /srv/deployments/webapps/autoremove.state \
+    --state-file "${DEPLOYMENTS_DIR}/autoremove.state" \
     --include-tags "$INCLUDE_TAGS" \
     --exclude-tags "$EXCLUDE_TAGS" \
     $EXTRA_UNDEPLOY_OPTS \
@@ -90,11 +118,11 @@ while true; do
     --kube-config /etc/config/kube.yml \
     --laconic-config /etc/config/laconic.yml \
     --image-registry ${IMAGE_REGISTRY} \
-    --deployment-parent-dir /srv/deployments/webapps \
+    --deployment-parent-dir "${DEPLOYMENTS_DIR}" \
     --dns-suffix ${DEPLOYMENT_DNS_SUFFIX} \
     --record-namespace-dns crn://${DEPLOYMENT_RECORD_NAMESPACE}/dns \
     --record-namespace-deployments crn://${DEPLOYMENT_RECORD_NAMESPACE}/deployments \
-    --state-file /srv/deployments/webapps/autodeploy.state \
+    --state-file "${DEPLOYMENTS_DIR}/autodeploy.state" \
     --include-tags "$INCLUDE_TAGS" \
     --exclude-tags "$EXCLUDE_TAGS" \
     $LOG_OPTS \

src/config.ts

@@ -13,7 +13,7 @@ export const Config = {
   LISTEN_PORT: parseInt(process.env.LISTEN_PORT || '9555'),
   LISTEN_ADDR: process.env.LISTEN_ADDR || '0.0.0.0',
   LACONIC_CONFIG: process.env.LACONIC_CONFIG || '/etc/config/laconic.yml',
-  DEPLOYER_STATE: process.env.DEPLOYER_STATE || '/srv/deployments/webapps/autodeploy.state'
+  DEPLOYER_STATE: process.env.DEPLOYER_STATE || '/srv/deployments/autodeploy.state'
 };
 
 

storage.conf

@@ -1,5 +1,5 @@
 [storage]
-driver = "overlay"
+driver = "vfs"
 runroot = "/srv/containers/podman/run"
 graphroot = "/srv/containers/podman/storage"
 [storage.options.overlay]