Add example manifest of nerdctl ipfs registry on Kubernetes

ktock · ktock · commit 1eac07587cd7 · 2022-01-14T13:24:45.000+09:00
Signed-off-by: Kohei Tokunaga &lt;ktokunaga.mail@gmail.com&gt;
diff --git a/examples/nerdctl-ipfs-registry-kubernetes/README.md b/examples/nerdctl-ipfs-registry-kubernetes/README.md
@@ -0,0 +1,95 @@
+# Example: Node-to-Node image sharing on Kubernetes using `nerdctl ipfs registry`
+
+Usage:
+- Generate `bootstrap.yaml` by executing `bootstrap.yaml.sh` (e.g. `./bootstrap.yaml.sh > ${DIR_LOCATION}/bootstrap.yaml`)
+  - [`ipfs-swarm-key-gen`](https://github.com/Kubuxu/go-ipfs-swarm-key-gen) is required (see https://github.com/ipfs/go-ipfs/blob/v0.10.0/docs/experimental-features.md#private-networks)
+- Deploy `bootstrap.yaml` and `nerdctl-ipfs-registry.yaml` (e.g. using `kubectl apply`)
+- Make sure nodes contain containerd >= v1.5.8
+
+## Example on kind
+
+Prepare cluster (make sure kind nodes contain containerd >= v1.5.8).
+
+```console
+$ cat <<EOF > /tmp/kindconfig.yaml
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+- role: worker
+- role: worker
+EOF
+$ kind create cluster --image=kindest/node:v1.23.1 --config=/tmp/kindconfig.yaml
+$ ./bootstrap.yaml.sh > ./bootstrap.yaml
+$ kubectl apply -f .
+```
+
+Prepare `kind-worker` (1st node) for importing an image to IPFS
+
+(in `kind-worker`)
+
+```console
+$ docker exec -it kind-worker /bin/bash
+(kind-worker)# NERDCTL_VERSION=0.15.0
+(kind-worker)# curl -sSL --output /tmp/nerdctl.tgz https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz
+(kind-worker)# tar zxvf /tmp/nerdctl.tgz -C /usr/local/bin/
+```
+
+Add an image to `kind-worker`.
+
+```console
+$ docker exec -it kind-worker /bin/bash
+(kind-worker)# mkdir -p /tmp/ipfsapi ; echo -n /ip4/127.0.0.1/tcp/5001 >  /tmp/ipfsapi/api
+(kind-worker)# export IPFS_PATH=/tmp/ipfsapi
+(kind-worker)# nerdctl pull ghcr.io/stargz-containers/jenkins:2.60.3-org
+(kind-worker)# nerdctl push ipfs://ghcr.io/stargz-containers/jenkins:2.60.3-org
+(kind-worker)# nerdctl rmi ghcr.io/stargz-containers/jenkins:2.60.3-org
+```
+
+The image added to `kind-worker` is shared to `kind-worker2` via IPFS.
+You can run this image on all worker nodes using the following manifest (assuming the image is added to IPFS as CID `localhost:5050/ipfs/bafkreife3j4tgtx23jcautprornrdp2p4g3j3ndnidzdlrpd7unbpnwkce`).
+
+```console
+$ cat <<EOF | kubectl apply -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jenkins
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: jenkins
+  template:
+    metadata:
+      labels:
+        app: jenkins
+    spec:
+      containers:
+      - name: jenkins
+        image: localhost:5050/ipfs/bafkreife3j4tgtx23jcautprornrdp2p4g3j3ndnidzdlrpd7unbpnwkce
+        resources:
+          requests:
+            cpu: 1
+EOF
+```
+
+The image runs on all nodes.
+
+```console
+$ kubectl get pods -owide | grep jenkins
+jenkins-7bd8f96d79-2jbc6          1/1     Running   0          69s    10.244.1.3   kind-worker    <none>           <none>
+jenkins-7bd8f96d79-jb5lm          1/1     Running   0          69s    10.244.2.4   kind-worker2   <none>           <none>
+```
+
+## Example Dockerfile of nerdctl
+
+```Dockerfile
+FROM ubuntu:20.04
+ARG NERDCTL_VERSION=0.16.0
+RUN apt-get update -y && apt-get install -y curl && \
+    curl -sSL --output /tmp/nerdctl.tgz https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz && \
+    tar zxvf /tmp/nerdctl.tgz -C /usr/local/bin/ && \
+    rm /tmp/nerdctl.tgz
+ENTRYPOINT [ "/usr/local/bin/nerdctl", "ipfs", "registry", "serve" ]
+```
diff --git a/examples/nerdctl-ipfs-registry-kubernetes/bootstrap.yaml.sh b/examples/nerdctl-ipfs-registry-kubernetes/bootstrap.yaml.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+#   Copyright The containerd Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+# Example script to prepare swarm key secret for IPFS bootstrap,
+# Example: ./bootstrap.yaml.sh > ./bootstrap.yaml
+
+set -eu -o pipefail
+
+for d in ipfs-swarm-key-gen ; do
+    if ! command -v $d >/dev/null 2>&1 ; then
+        echo "$d not found"
+        exit 1
+    fi
+done
+
+SWARM_KEY=$(ipfs-swarm-key-gen | base64 | tr -d '\n')
+
+cat <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-config
+type: Opaque
+data:
+  ipfs-swarm-key: $SWARM_KEY
+EOF
diff --git a/examples/nerdctl-ipfs-registry-kubernetes/nerdctl-ipfs-registry.yaml b/examples/nerdctl-ipfs-registry-kubernetes/nerdctl-ipfs-registry.yaml
