diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d0d6549..9082c59 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -152,11 +152,9 @@ jobs:
 # configure build cache,
 # ref to https://github.com/moby/buildkit/tree/v0.11.5#registry-push-image-and-cache-separately.
 cache-from: |
- type=registry,ref=${{ env.REPO }}/build-cache:${{ matrix.target }}-${{ matrix.task }}${{ startsWith(github.ref, 'refs/tags/') && '-release' || '' }}
+ type=registry,ref=${{ env.REPO }}/build-cache:${{ matrix.target }}-${{ matrix.task }}
 cache-to: |
- ${{ github.event_name != 'pull_request' && format('type=registry,mode=max,oci-mediatypes=false,compression=gzip,ref={0}/build-cache:{1}-{2}{3},ignore-error=true', env.REPO, matrix.target, matrix.task, startsWith(github.ref, 'refs/tags/') && '-release' || '' ) || '' }}
- no-cache-filters: |
- ${{ startsWith(github.ref, 'refs/tags/') && 'fetch' || '' }}
+ ${{ github.event_name != 'pull_request' && format('type=registry,mode=max,oci-mediatypes=false,compression=gzip,ref={0}/build-cache:{1}-{2},ignore-error=true', env.REPO, matrix.target, matrix.task) || '' }}
 - name: Setup Cosign
 if: ${{ github.event_name != 'pull_request' }}
 uses: sigstore/cosign-installer@v3.0.1
diff --git a/README.md b/README.md
index 719c88c..186137e 100644
--- a/README.md
+++ b/README.md
@@ -107,10 +107,10 @@ Hermit Crab manages the archives as the following layer structure, which is abso
 Hermit Crab can reuse the mirroring providers by `terraform providers mirror` as well.
 ```shell
-terraform providers mirror /tmp/providers
+terraform providers mirror /tmp/providers-plugins
 docker run -d --restart=always -p 80:80 -p 443:443 \
- -v /tmp/providers:/usr/share/terraform/providers \
+ -v /tmp/providers-plugins:/usr/share/terraform/providers/plugins \
 sealio/hermitcrab
 ```
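Review bot: In `.github/workflows/ci.yml`, tag builds now import from the same `build-cache:<target>-<task>` registry ref that every non-pull-request run writes with `mode=max`, so a layer cached by an ordinary branch build can be reused in a release image, which is presumably what gets signed after the `Setup Cosign` step. Before this change the `-release` suffix kept the release cache separate. If the sharing is only meant to save build time, consider keeping release builds off the shared cache, for example by leaving `cache-from` empty on tags: `${{ !startsWith(github.ref, 'refs/tags/') && format('type=registry,ref={0}/build-cache:{1}-{2}', env.REPO, matrix.target, matrix.task) || '' }}`. Which refs trigger this workflow and who can write to the cache repository are not visible in the hunk, so the actual exposure depends on those.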
@@ -144,6 +144,12 @@ Terraform Provider Network Mirror protocol wants [HTTPS](https://en.wikipedia.or
 sealio/hermitcrab
 ```
+Also support to launch from Helm Chart.
+
+```shell
+helm install my-release oci://ghcr.io/seal-io/helm-charts/hermitcrab
+```
+
 After setting up Hermit Crab, you can configure the [CLI Configuration](https://developer.hashicorp.com/terraform/cli/config/config-file) as below to use the mirroring service.
 ```hcl
diff --git a/deploy/manifests/docker-compose.yaml b/deploy/manifests/docker-compose.yaml
new file mode 100644
index 0000000..b6df7d9
--- /dev/null
+++ b/deploy/manifests/docker-compose.yaml
@@ -0,0 +1,19 @@
+version: '3.6'
+
+services:
+ hermitcrab:
+ image: "sealio/hermitcrab:main"
+ restart: always
+ container_name: hermitcrab
+ command:
+ - "hermitcrab"
+ - "--log-debug"
+ - "--log-verbosity=4"
+ volumes:
+ - hermitcrab-data:/var/run/hermitcrab
+ ports:
+ - "80:80"
+ - "443:443"
+
+volumes:
+ hermitcrab-data: { }
diff --git a/deploy/manifests/kubernetes.yaml b/deploy/manifests/kubernetes.yaml
new file mode 100644
index 0000000..bbc9192
--- /dev/null
+++ b/deploy/manifests/kubernetes.yaml
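Review bot: `deploy/manifests/docker-compose.yaml` runs `sealio/hermitcrab:main`, a mutable tag, so the code a deployment runs changes whenever that tag is re-pushed and nothing in the manifest records which build was reviewed; pin a release tag or digest instead, e.g. `image: "sealio/hermitcrab:<release-tag>@sha256:<digest>"` (placeholders). The same `:main` tag, together with `imagePullPolicy: Always`, is used in `deploy/manifests/kubernetes.yaml`. The command also turns on `--log-debug` and `--log-verbosity=4`; for a manifest people will copy as-is I would drop both and leave a comment such as `# add --log-debug only while troubleshooting`.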
@@ -0,0 +1,107 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: default
+ name: hermitcrab
+ labels:
+ "app.kubernetes.io/part-of": "hermitcrab"
+ "app.kubernetes.io/component": "hermitcrab-server"
+spec:
+ # When a PVC does not specify a storageClassName,
+ # the default StorageClass is used.
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 500Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: default
+ name: hermitcrab
+spec:
+ selector:
+ "app.kubernetes.io/part-of": "hermitcrab"
+ "app.kubernetes.io/component": "hermitcrab-server"
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ - name: https
+ port: 443
+ targetPort: https
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: walrus-system
+ name: terraform-provider-mirror
+ labels:
+ "app.kubernetes.io/part-of": "hermitcrab"
+ "app.kubernetes.io/component": "hermitcrab-server"
+ "app.kubernetes.io/name": "hermitcrab"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ "app.kubernetes.io/part-of": "hermitcrab"
+ "app.kubernetes.io/component": "hermitcrab-server"
+ "app.kubernetes.io/name": "hermitcrab"
+ template:
+ metadata:
+ labels:
+ "app.kubernetes.io/part-of": "hermitcrab"
+ "app.kubernetes.io/component": "hermitcrab-server"
+ "app.kubernetes.io/name": "hermitcrab"
+ spec:
+ automountServiceAccountToken: false
+ restartPolicy: Always
+ containers:
+ - name: hermitcrab
+ image: sealio/hermitcrab:main
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: '2'
+ memory: '4Gi'
+ requests:
+ cpu: '500m'
+ memory: '512Mi'
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ startupProbe:
+ failureThreshold: 10
+ periodSeconds: 5
+ httpGet:
+ port: 80
+ path: /readyz
+ readinessProbe:
+ failureThreshold: 3
+ timeoutSeconds: 5
+ periodSeconds: 5
+ httpGet:
+ port: 80
+ path: /readyz
+ livenessProbe:
+ failureThreshold: 10
+ timeoutSeconds: 5
+ periodSeconds: 10
+ httpGet:
+ # Redirect the liveness probe request.
+ httpHeaders:
+ - name: "User-Agent"
+ value: ""
+ port: 80
+ path: /livez
+ volumeMounts:
+ - name: data
+ mountPath: /var/run/hermitcrab
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: hermitcrab
diff --git a/pack/server/image/Dockerfile b/pack/server/image/Dockerfile
index a06c623..35efea0 100644
--- a/pack/server/image/Dockerfile
+++ b/pack/server/image/Dockerfile
@@ -1,53 +1,3 @@
-#
-# Fetch
-#
-FROM --platform=$TARGETPLATFORM hashicorp/terraform:1.5.7 AS fetch
-
-ARG TARGETPLATFORM
-ARG TARGETOS
-ARG TARGETARCH
-
-RUN set -eo pipefail; \
- apk add -U --no-cache \
- ca-certificates \
- curl openssh \
- unzip \
- git \
- jq \
- ; \
- rm -rf /var/cache/apk/*
-
-ENV TF_LOG="ERROR"
-WORKDIR /workspace
-
-# download templates
-RUN set -eo pipefail; \
- echo "walrus-catalog walrus-catalog-sandbox" | tr -s '[:blank:]' '\n' | \
- while read -r org _; do \
- curl -sSL "https://api.github.com/orgs/$org/repos" | jq -r '.[].name' | \
- while read -r repo _; do \
- git clone "https://github.com/$org/$repo" "$org"_"$repo" --depth 1; \
- done; \
- done
-
-# mirror plugins
-## cache plugins to reduce network latency
-ENV TF_PLUGIN_CACHE_DIR="/workspace/.terraform.d/plugin-cache" \
- TF_PLUGIN_MIRROR_DIR="/workspace/.terraform.d/plugins"
-RUN set -eo pipefail; \
- mkdir -p $TF_PLUGIN_CACHE_DIR; \
- mkdir -p $TF_PLUGIN_MIRROR_DIR; \
- echo -e "provider_installation {\n \
- filesystem_mirror {\n \
- path = \"$TF_PLUGIN_MIRROR_DIR\"\n \
- }\n \
- direct {} \n \
- }\n" > /root/.terraformrc && \
- find . -maxdepth 1 -type d -name 'walrus-catalog*' -exec sh -c 'terraform -chdir="$1" init && terraform -chdir="$1" providers mirror $TF_PLUGIN_MIRROR_DIR' _ {} \;
-## remove non-plugin files to prevent annoying message
-RUN set -eo pipefail; \
- find $TF_PLUGIN_MIRROR_DIR -type f ! -name "terraform-provider-*" -delete
-
 #
 # Release
 #
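Review bot: In `deploy/manifests/kubernetes.yaml` the Deployment is created in `walrus-system` under the name `terraform-provider-mirror`, while the PersistentVolumeClaim it mounts (`claimName: hermitcrab`) and the Service that selects its pods are both in `default`. A pod can only use a claim from its own namespace and a Service only selects pods in its own namespace, so as written the pod would stay Pending and the Service would have no endpoints; the Deployment metadata should read `namespace: default` and `name: hermitcrab` to match the other two objects. Separately, the container spec sets no `securityContext`; whether the image can bind ports 80/443 without root is not visible here, but if it can, `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be worth adding to a manifest meant to be applied as-is.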
@@ -77,9 +27,6 @@ ENV LANG='en_US.UTF-8' \
 LANGUAGE='en_US:en' \
 LC_ALL='en_US.UTF-8'
-# get terraform plugins
-COPY --from=fetch /workspace/.terraform.d/plugins /usr/share/terraform/providers/plugins
-
 EXPOSE 80 443
 VOLUME /var/run/hermitcrab
 COPY /image/ /