Add a "developer mode", where pods start with a (long) sleep, instead…

… the actual service. Signed-off-by: Marcio Silva <[email protected]>
keylime · Feb 2, 2024 · 9878a8b · 9878a8b
1 parent dfe73ec
commit 9878a8b
Show file tree

Hide file tree

Showing 11 changed files with 124 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -274,3 +274,22 @@ global:
  replicas: 3
  type: "LoadBalancer" 
 ```
+
+### Deploy in "developer mode"
+
+As a convenience during development, each individual service can be set to
+"developer mode", resulting in a `pod` with a long sleep time (7 days or
+604,800 seconds). The developer can then access the `pod` (via `kubectl exec
+-i`) and perform multiple iterations of code change followed by service
+(re)start (e.g., `keylime_verifier`)
+
+```
+global:
+ service:
+ registrar:
+ developer: false
+ verifier:
+ developer: true
+ agent:
+ developer: true
+```
diff --git a/build/helm/keylime/charts/keylime-agent/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-agent/templates/_helpers.tpl
@@ -190,3 +190,25 @@ Decide on a privileged or unprivileged resources for a pod
 {{- toYaml .Values.unprivresources }}
 {{- end }}
 {{- end }}
+
+{{/*
+Decide which command to run
+*/}}
+{{- define "agent.command" -}}
+{{- if .Values.global.service.agent.developer }}
+{{- .Values.develcommand }}
+{{- else }}
+{{- .Values.operationcommand }}
+{{- end }}
+{{- end }}
+
+{{/*
+Decide args for command
+*/}}
+{{- define "agent.args" -}}
+{{- if .Values.global.service.agent.developer }}
+{{- .Values.develargs }}
+{{- else }}
+{{- .Values.operationargs }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/charts/keylime-agent/templates/daemonset.yaml b/build/helm/keylime/charts/keylime-agent/templates/daemonset.yaml
@@ -92,7 +92,9 @@ spec:
  securityContext:
  {{- include "agent.secctx" . | nindent 12 }}
  image: '{{- include "agent.image.repository" . }}:{{- include "agent.image.tag" .}}'
- imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{ include "agent.command" . }}
+ args: {{ include "agent.args" . }}
+ imagePullPolicy: {{ include "agent.image.pullPolicy" . }}
  ports:
  - name: agent
  containerPort: {{ .Values.service.port }}

diff --git a/build/helm/keylime/charts/keylime-agent/values.yaml b/build/helm/keylime/charts/keylime-agent/values.yaml
@@ -31,6 +31,14 @@ serviceAccount:
 
 podAnnotations: {}
 
+# command (and args) for regular operation
+operationcommand: [ '"/bin/keylime_agent"']
+operationargs: [ "" ]
+
+# command (and args) for "developer mode"
+develcommand: [ '"/bin/sleep"' ]
+develargs: [ '"604800"' ]
+
 # security context for unprivileged containers (default)
 unprivsecurityContext:
  privileged: false

diff --git a/build/helm/keylime/charts/keylime-registrar/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-registrar/templates/_helpers.tpl
@@ -189,3 +189,25 @@ Define a custom image pullpolicy.
 {{- toYaml .Values.image.pullPolicy }}
 {{- end }}
 {{- end }}
+
+{{/*
+Decide which command to run
+*/}}
+{{- define "registrar.command" -}}
+{{- if .Values.global.service.registrar.developer }}
+{{- .Values.develcommand }}
+{{- else }}
+{{- .Values.operationcommand }}
+{{- end }}
+{{- end }}
+
+{{/*
+Decide args for command
+*/}}
+{{- define "registrar.args" -}}
+{{- if .Values.global.service.registrar.developer }}
+{{- .Values.develargs }}
+{{- else }}
+{{- .Values.operationargs }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/charts/keylime-registrar/templates/deployment.yaml b/build/helm/keylime/charts/keylime-registrar/templates/deployment.yaml
@@ -33,6 +33,8 @@ spec:
  securityContext:
  {{- toYaml .Values.securityContext | nindent 12 }}
  image: '{{- include "registrar.image.repository" . }}:{{- include "registrar.image.tag" .}}'
+ command: {{ include "registrar.command" . }}
+ args: {{ include "registrar.args" . }}
  imagePullPolicy: {{ include "registrar.image.pullPolicy" . }}
  ports:
  - name: registrar

diff --git a/build/helm/keylime/charts/keylime-registrar/values.yaml b/build/helm/keylime/charts/keylime-registrar/values.yaml
@@ -27,6 +27,14 @@ roleBinding:
 
 podAnnotations: {}
 
+# command (and args) for regular operation
+operationcommand: [ '"keylime_registrar"']
+operationargs: [ "" ]
+
+# command (and args) for "developer mode"
+develcommand: [ '"/bin/sleep"' ]
+develargs: [ '"604800"' ]
+
 podSecurityContext: {}
  # fsGroup: 2000
 

diff --git a/build/helm/keylime/charts/keylime-verifier/templates/_helpers.tpl b/build/helm/keylime/charts/keylime-verifier/templates/_helpers.tpl
@@ -178,3 +178,25 @@ Define a custom image pullpolicy.
 {{- toYaml .Values.image.pullPolicy }}
 {{- end }}
 {{- end }}
+
+{{/*
+Decide which command to run
+*/}}
+{{- define "verifier.command" -}}
+{{- if .Values.global.service.verifier.developer }}
+{{- .Values.develcommand }}
+{{- else }}
+{{- .Values.operationcommand }}
+{{- end }}
+{{- end }}
+
+{{/*
+Decide args for command
+*/}}
+{{- define "verifier.args" -}}
+{{- if .Values.global.service.verifier.developer }}
+{{- .Values.develargs }}
+{{- else }}
+{{- .Values.operationargs }}
+{{- end }}
+{{- end }}
diff --git a/build/helm/keylime/charts/keylime-verifier/templates/statefulset.yaml b/build/helm/keylime/charts/keylime-verifier/templates/statefulset.yaml
@@ -39,6 +39,8 @@ spec:
  securityContext:
  {{- toYaml .Values.securityContext | nindent 12 }}
  image: '{{- include "verifier.image.repository" . }}:{{- include "verifier.image.tag" .}}'
+ command: {{ include "verifier.command" . }}
+ args: {{ include "verifier.args" . }}
  imagePullPolicy: {{ include "verifier.image.pullPolicy" . }}
  ports:
  - name: verifier

diff --git a/build/helm/keylime/charts/keylime-verifier/values.yaml b/build/helm/keylime/charts/keylime-verifier/values.yaml
@@ -27,6 +27,14 @@ roleBinding:
 
 podAnnotations: {}
 
+# command (and args) for regular operation
+operationcommand: [ '"keylime_verifier"']
+operationargs: [ "" ]
+
+# command (and args) for "developer mode"
+develcommand: [ '"/bin/sleep"' ]
+develargs: [ '"604800"' ]
+
 podSecurityContext: {}
  # fsGroup: 2000
 

diff --git a/build/helm/keylime/values.yaml b/build/helm/keylime/values.yaml
@@ -177,6 +177,8 @@ global:
  type: "ClusterIP"
  # the load balancer IP to use if the type is "LoadBalancer"
  loadBalancerIP: ""
+ # If developer is set to true, the pod will start with a long sleep (7 days) instead starting the service
+ developer: false
  # verifier options
  verifier:
  # Default image is the from quay, default tag is tag the chart appVersion
@@ -189,6 +191,10 @@ global:
  # type of service, with "ClusterIP" as default. Switch to "NodePort" or "LoadBalancer" to allow
  # components external to the cluster to access the service
  type: "ClusterIP"
+ # the load balancer IP to use if the type is "LoadBalancer"
+ loadBalancerIP: ""
+ # If developer is set to true, the pod will start with a long sleep (7 days) instead starting the service
+ developer: false
  # agent options
  agent:
  # Default image is the from quay, default tag is tag the chart appVersion
@@ -205,6 +211,8 @@ global:
  # Set privileged to "false" in order to deploy unprivileged pods on the agent DaemonSet.
  # Unprivileged setting will require Kubernetes 1.26 (support for the device plugin API)
  privileged: true
+ # If developer is set to true, the pod will start with a long sleep (7 days) instead starting the service
+ developer: false
  # openshift allows specifying if running on openshift
  openshift: false
 mysql: