Commit

Merge pull request #1 from nevivurn/master
feat: add sommelier docs
ding-young authored Sep 23, 2024
2 parents b674028 + d2eec54 commit 10b911b
Showing 7 changed files with 102 additions and 35 deletions.
21 changes: 12 additions & 9 deletions .github/workflows/build.yaml
Expand Up @@ -15,8 +15,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/metadata-action@v5
id: meta
with:
images: ghcr.io/${{ github.repository }}

- uses: cachix/install-nix-action@v22
- uses: cachix/install-nix-action@v27
- run: nix build .#docker

- uses: docker/login-action@v3
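Review bot: the two `uses:` lines touched here, `docker/metadata-action@v5` and `cachix/install-nix-action@v27`, are pinned to mutable tags in a job that goes on to log in to ghcr.io with `secrets.GITHUB_TOKEN` and publish images. Pin each to a full commit SHA, with the version in a trailing comment, so that a retagged release cannot change what runs alongside the push credential.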
Expand All @@ -25,16 +29,15 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Tag and Push
- name: Publish container images
env:
GH_IMAGE: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
IMAGES: ${{ steps.meta.outputs.tags }}
run: |
for img in $IMAGES; do
skopeo copy docker-archive:result "docker://$img"
done
- name: Publish Helm chart
run: |
IMAGE="$(docker load -i result | awk '{print $3}')"
docker tag "$IMAGE" "$GH_IMAGE"
docker push "$GH_IMAGE"
- uses: Azure/setup-helm@v3
- run: |
VERSION="${GITHUB_REF_NAME#v}"
helm package --version "$VERSION" --app-version "$GITHUB_REF_NAME" -d pkg/ chart/
helm push ./pkg/*.tgz "oci://ghcr.io/$GITHUB_REPOSITORY_OWNER"
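Review bot: in the `Publish container images` step, `for img in $IMAGES` runs zero times if `steps.meta.outputs.tags` is empty, and the step then succeeds without pushing anything. Fail early with a guard such as `[ -n "$IMAGES" ] || exit 1` before the loop. The unquoted `$IMAGES` is what splits the value into one tag per iteration, so a short comment saying that would keep a later cleanup from quoting it.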
23 changes: 13 additions & 10 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

23 changes: 19 additions & 4 deletions flake.nix
@@ -1,8 +1,19 @@
{
outputs = { self, flake-utils, nixpkgs }:
flake-utils.lib.eachDefaultSystem (system:
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
};

outputs =
{
self,
flake-utils,
nixpkgs,
}:
flake-utils.lib.eachDefaultSystem (
system:
let
lib = nixpkgs.lib;
inherit (nixpkgs) lib;
pkgs = nixpkgs.legacyPackages.${system};
pkg = self.packages.${system}.default;
in
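Review bot: `nixpkgs.url` in the new `inputs` block follows the moving `nixpkgs-unstable` branch, so the revision actually built is decided only by `flake.lock`, whose 23 changed lines are not rendered in this view. Check the lock diff before merging and state in the commit message which nixpkgs revision it moves to, since `pkgs` for the build is taken from it.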
Expand All @@ -12,7 +23,10 @@
name = "waiter-docs";
src = ./.;

nativeBuildInputs = with pkgs; [ mdbook mdbook-i18n-helpers ];
nativeBuildInputs = with pkgs; [
mdbook
mdbook-i18n-helpers
];

buildPhase = ''
mdbook build -d $out
Expand All @@ -28,6 +42,7 @@
rewrite * /{err.status_code}.html
file_server
}
log
# much performance
encode zstd gzip
1 change: 1 addition & 0 deletions src/SUMMARY.md
@@ -1,3 +1,4 @@
# Summary

[Waiter](waiter.md)
[Sommelier](sommelier.md)
11 changes: 11 additions & 0 deletions src/sommelier-ca.pem
@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
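Review bot: `sommelier-ca.pem` becomes the trust anchor for the `--certificate-authority` flag in sommelier.md, and it is distributed from the same docs site as the instructions, with nothing for a reader to check it against. Publish the certificate's SHA-256 fingerprint through a second channel (for example the repository README) so it can be compared with the output of `openssl x509 -in sommelier-ca.pem -noout -fingerprint -sha256` before the cluster entry is created.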
41 changes: 41 additions & 0 deletions src/sommelier.md
@@ -0,0 +1,41 @@
# Sommelier

## kubeconfig

### Prerequisites

- Set up [waiter](waiter.md) first
- [sommelier-ca.pem](sommelier-ca.pem)

### Linux Version

```bash
# Configure the cluster
kubectl config set-cluster snucse-sommelier \
--server=https://sommelier.snucse.org:6444 \
--embed-certs \
--certificate-authority=sommelier-ca.pem

# Configure authentication
kubectl config set-credentials bacchus-dex \
--exec-api-version=client.authentication.k8s.io/v1beta1 \
--exec-command=kubectl \
--exec-arg=oidc-login \
--exec-arg=get-token \
--exec-arg=--oidc-issuer-url=https://auth.bacchus.io/dex \
--exec-arg=--oidc-client-id=bacchus-waiter \
--exec-arg=--oidc-extra-scope=email \
--exec-arg=--oidc-extra-scope=groups \
--exec-arg=--oidc-use-pkce

# Configure context
kubectl config set-context snucse-sommelier-bacchus \
--cluster=snucse-sommelier \
--user=bacchus-dex

# Switch to the context
kubectl config use-context snucse-sommelier-bacchus

# Verify configuration
kubectl auth whoami
```
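Review bot: the `set-credentials bacchus-dex` block passes `--oidc-client-id=bacchus-waiter` for the sommelier cluster, so the ID token a user obtains here carries the waiter client as its audience. If both API servers are meant to accept that audience, say so on this page, because it means a token issued for one cluster is also accepted by the other; if not, sommelier needs its own client ID. The Prerequisites list also omits kubelogin, which the `oidc-login` exec arg depends on; it is only implied by "Set up waiter first".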
17 changes: 5 additions & 12 deletions src/waiter.md
Expand Up @@ -4,8 +4,6 @@

### Prerequisites

**Download**

- [waiter-ca.pem](waiter-ca.pem)
- [kubelogin](https://github.com/int128/kubelogin)

Expand All @@ -21,7 +19,7 @@ kubectl config set-cluster bacchus-waiter \
--certificate-authority=waiter-ca.pem

# Configure authentication
kubectl config set-credentials bacchus-waiter \
kubectl config set-credentials bacchus-dex \
--exec-api-version=client.authentication.k8s.io/v1beta1 \
--exec-command=kubectl \
--exec-arg=oidc-login \
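Review bot: renaming the user entry to `bacchus-dex` here makes waiter.md and sommelier.md write the same kubeconfig user, so whichever page is followed last overwrites the exec arguments set by the other. Most of this file's `--exec-arg` lines fall outside the visible hunk; confirm they match sommelier.md line for line (issuer URL, client ID, scopes, PKCE) and note on one of the pages that the entry is shared.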
Expand All @@ -35,15 +33,14 @@ kubectl config set-credentials bacchus-waiter \
# Configure context
kubectl config set-context bacchus-waiter \
--cluster=bacchus-waiter \
--user=bacchus-waiter
--user=bacchus-dex

# Switch to the context
kubectl config use-context bacchus-waiter
```

Verify with `kubectl auth whoami`.

Grant access in the webpage.
# Verify configuration
kubectl auth whoami
```

---
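Review bot: the line "Grant access in the webpage." appears to be dropped after the Linux block in this hunk, while the Windows section further down still ends with it and sommelier.md never mentions it. If the grant is still required before `kubectl auth whoami` succeeds, keep the step in the Linux section and add it to sommelier.md; if it is obsolete, remove it from the Windows section as well.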

Expand Down Expand Up @@ -78,7 +75,3 @@ Change `kubelogin.exe` to `kubectl-oidc_login.exe`.
Verify with `kubectl auth whoami`.

Grant access in the webpage.

## VPN

TODO
