Merge pull request #67 from glothriel/57-release-1-0-0

#57: Add building of docker images on PRs + Helm releases
glothriel · Jun 4, 2024 · 663552b · 663552b
2 parents 845a022 + 2727bf4
commit 663552b
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 25 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -1,8 +1,8 @@
 name: Docker
 on:
   push:
-    tags:
-      - '*'
+    tags: ["*"]
+  pull_request:
 
 jobs:
   controller:
@@ -18,7 +18,7 @@ jobs:
         uses: docker/setup-buildx-action@v1
 
       - name: Login to Github Packages
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -31,7 +31,7 @@ jobs:
           images: ghcr.io/glothriel/wormhole-controller
 
       - name: Build image and push to GCR
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: |
@@ -40,8 +40,8 @@ jobs:
             VERSION=${{ steps.meta.outputs.tags }}
             PROJECT=..
           file: docker/goDockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: "${{ steps.meta.outputs.tags }},ghcr.io/glothriel/wormhole-controller:latest"
           labels: ${{ steps.meta.outputs.labels }}
 
 
@@ -58,7 +58,7 @@ jobs:
         uses: docker/setup-buildx-action@v1
 
       - name: Login to Github Packages
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -71,12 +71,12 @@ jobs:
           images: ghcr.io/glothriel/wormhole-wireguard
 
       - name: Build image and push to GCR
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: docker
           file: docker/wgDockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: "${{ steps.meta.outputs.tags }},ghcr.io/glothriel/wormhole-wireguard:latest"
           labels: ${{ steps.meta.outputs.labels }}
 
 
@@ -93,7 +93,7 @@ jobs:
         uses: docker/setup-buildx-action@v1
 
       - name: Login to Github Packages
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -106,11 +106,11 @@ jobs:
           images: ghcr.io/glothriel/wormhole-nginx
 
       - name: Build image and push to GCR
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: docker
           file: docker/nginxDockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: "${{ steps.meta.outputs.tags }},ghcr.io/glothriel/wormhole-nginx:latest"
           labels: ${{ steps.meta.outputs.labels }}
 
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
@@ -0,0 +1,46 @@
+name: Helm
+on:
+  push:
+    tags: ["*"]
+  pull_request:
+
+jobs:
+  chart:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set the version (tag)
+        if: github.event_name == 'push'
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+      - name: Set the the mock version (PR)
+        if: github.event_name == 'pull_request'
+        run: echo "VERSION=PR-${GITHUB_SHA}" >> $GITHUB_ENV
+
+      - name: Replace the version in Chart.yaml
+        run: |
+          sed -i "s/version: .*/version: $VERSION/" kubernetes/helm/Chart.yaml
+      
+      - name: Print the changes
+        run: cat kubernetes/helm/Chart.yaml
+
+      - name: Replace image versions in values.yaml
+        run: |
+          sed -i "s/version: .*GHA/version: $VERSION/" kubernetes/helm/values.yaml
+          sed -i "s/wgVersion: .*GHA/wgVersion: $VERSION/" kubernetes/helm/values.yaml
+          sed -i "s/nginxVersion: .*GHA/nginxVersion: $VERSION/" kubernetes/helm/values.yaml
+
+      - name: Push Helm chart to registry
+        if: github.event_name != 'pull_request' # skip on PRs
+        uses: bsord/[email protected]
+        with:
+          useOCIRegistry: true
+          registry-url:  oci://ghcr.io/${{ github.repository }}
+          username: ${{ github.actor }}
+          access-token: ${{ secrets.GITHUB_TOKEN }}
+          force: true
+          chart-folder: kubernetes/helm
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Wormhole
 
-L3 (wireguard) and L4 (NGINX) reverse TCP tunnels over wireguard, similar to ngrok, teleport or skupper, but implemented specifically for Kubernetes. Mostly a learning project. Allows exposing services from one Kubernetes cluster to another just by annotating them.
+Wireguard + Nginx Stream (L4)  reverse TCP tunnels over wireguard, similar to ngrok, teleport or skupper, but implemented specifically for Kubernetes. Mostly a learning project. Allows exposing services from one Kubernetes cluster to another just by annotating them.
 
 Wormhole is implemented using "Hub and spoke" architecture. One cluster acts as a central hub, while others are clients. Clients can expose services to the hub and the hub can expose services to the clients. Exposing of the services between the clients is **not supported**.
 
@@ -41,7 +41,9 @@ Syncing is a process of exchanging information about exposed applications on bot
 
 ## Usage
 
-You can install wormhole using helm. Please clone this repository first. For server you will need a cluster with LoadBalancer support, for client - any cluster. IP exposed by the server's LoadBalancer must be reachable from the client's cluster.
+You can install wormhole using helm. For server you will need a cluster with LoadBalancer support, for client - any cluster. IP exposed by the server's LoadBalancer must be reachable from the client's cluster.
+
+You can optionally install both the server and the client on the same cluster and use ClusterIP service for communication. See the [./Tiltfile](./Tiltfile) for an example, as the development environment uses this approach.
 
 ### Install server
 
@@ -55,13 +57,14 @@ If you'll use DNS, you can install the server in one step (replace 0.0.0.0 with
 ```
 kubectl create namespace wormhole
 
-helm install -n wormhole wh kubernetes/helm --set server.enabled=true --set server.service.type=LoadBalancer --set server.wg.publicHost="0.0.0.0"
+# Replace 1.0.0 with latest version from the releases page
+helm install -n wormhole wh oci://ghcr.io/glothriel/wormhole/wormhole --version 1.0.0 --set server.enabled=true --set server.service.type=LoadBalancer --set server.wg.publicHost="0.0.0.0"
 
 # Wait for the LoadBalancer to get an IP
 kubectl get svc -n wormhole
 
 # Update the server with the IP
-helm upgrade -n wormhole wh kubernetes/helm --set server.enabled=true --set server.service.type=LoadBalancer --set server.wg.publicHost="<the new IP>"
+helm upgrade -n wormhole wh oci://ghcr.io/glothriel/wormhole/wormhole --version 1.0.0 --set server.enabled=true --set server.service.type=LoadBalancer --set server.wg.publicHost="<the new IP>"
 ```
 
 ### Install client
@@ -71,12 +74,12 @@ You should do this on another cluster. If not, change the namespace to say `worm
 ```
 kubectl create namespace wormhole
 
-helm install -n wormhole wh kubernetes/helm --set client.enabled=true --set client.serverDsn="http://<server.wg.publicHost>:8080" --set client.name=clientOne
+helm install -n wormhole wh kubernetes/helm --set client.enabled=true --set client.serverDsn="http://<server.wg.publicHost>:8080" --set client.name=client-one
 ```
 
 ### Expose a service
 
-No you can expose a service from one infrastructure to another. Services exposed from the server will be available on all the clients. Services exposed from the client will be available only on the server.
+Now you can expose a service from one infrastructure to another. Services exposed from the server will be available on all the clients. Services exposed from the client will be available only on the server.
 
 ```
 kubectl annotate --overwrite svc --namespace <namespace> <service> wormhole.glothriel.github.com/exposed=yes
@@ -129,4 +132,4 @@ The additional services should be immediately created. Please note, that all thr
 cd tests && python setup.py develop && cd -
 
 pytest tests
-```
+```
diff --git a/kubernetes/helm/Chart.yaml b/kubernetes/helm/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v2
 name: wormhole
-description: Deploys wormhole, that allows connecting kubernetes clusters over encrypted websocket reverse tunnel
+description: Deploys wormhole, that allows connecting kubernetes clusters over wireguard VPN
 type: application
 version: 1.0.0
 maintainers:

diff --git a/kubernetes/helm/values.yaml b/kubernetes/helm/values.yaml
@@ -86,11 +86,11 @@ server:
 docker:
   registry: ghcr.io
   image: glothriel/wormhole-controller
-  version: 0.9.0-alpha.2
+  version: latest # GHA
   wgImage: glothriel/wormhole-wireguard
-  wgVersion: 0.9.0-alpha.2
+  wgVersion: latest # GHA
   nginxImage: glothriel/wormhole-nginx
-  nginxVersion: 0.9.0-alpha.2
+  nginxVersion: latest # GHA
 
 peering:
   psk: defaultPeeringKeyPleaseChangeMe