* proxy.Connections(): require io.ReadWriteCloser instead of net.Conn
* Orchard Controller: implement an SSH server that acts as a jump host
* Issue a warning if the name used will be invalid in the future
* Further restrict uppercase characters in names in the future
The rationale is similar to https://github.com/kubernetes/kubernetes/issues/71140.
We won't want to munge the user's input and introduce subtle bugs doing
lowercase comparisons.
* Switch from golang.org/x/net/websocket to nhooyr.io/websocket
* Do not attach errors that we can handle to the Gin's context
* Add missing newline to "no credentials specified or found, ..." message
* Fix potential NPE in ChooseUsernameAndPassword()
* Fix type in PortForward() error message in "orchard ssh vm"
* Fix potential NPE in Connections()
* Use header.Set() for consistency's sake for Authorization header
* Change event prefix to preserve order under load
When there are a lot of events streamed from a worker, it's possible to have two batches coming for the same timestamp (which is a timestamp of the event on the worker). This way the existing logic would mess up the order because `index` and the random number don't guarantee the order.
To fix this I've changed the format of the prefix for the event to include two things:
1. Timestamp in nanoseconds of the injection time on the controller so two sequential batches will have guaranteed order unless they are processed within a nanosecond.
2. Made the `index` fixed length with trailing zeros, so they are properly lexicographically sorted (`000001`, `000002`, ...).
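
Added example, not taken from the Orchard code base: a Go sketch of why an unpadded index under a shared worker timestamp breaks lexicographic key order, and how a controller-side nanosecond timestamp plus a fixed-width index restores it. The key layouts, function names and timestamps are assumptions made for illustration, and the naive layout is a simplified stand-in for the old prefix.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample values: both batches carry the same worker-side timestamp.
const workerTimestamp int64 = 1700000000
const baseIngestNanos int64 = 1700000000000000000

// naiveKey (hypothetical): worker timestamp plus an unpadded index.
func naiveKey(batch, index int) string {
	return fmt.Sprintf("%d-%d", workerTimestamp, index)
}

// fixedKey (hypothetical): controller ingest time in nanoseconds, distinct per
// batch, plus a fixed-width index so string order matches numeric order.
func fixedKey(batch, index int) string {
	return fmt.Sprintf("%020d-%06d", baseIngestNanos+int64(batch), index)
}

// keysFor returns the keys in the order the events arrived.
func keysFor(batchSizes []int, key func(batch, index int) string) []string {
	var keys []string
	for b, n := range batchSizes {
		for i := 0; i < n; i++ {
			keys = append(keys, key(b, i))
		}
	}
	return keys
}

// preservesOrder reports whether a lexicographically ordered store would
// return the keys in arrival order.
func preservesOrder(keys []string) bool {
	return sort.StringsAreSorted(keys)
}

func main() {
	sizes := []int{12, 3} // two batches that arrive back to back
	fmt.Println("naive keys keep order:", preservesOrder(keysFor(sizes, naiveKey)))
	fmt.Println("fixed keys keep order:", preservesOrder(keysFor(sizes, fixedKey)))
}
```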
* No need to disable linting
* Implement restart policy for VMs
* Do not update VM.Resource, we only use it as a read-only specification
* Err()/setErr(): use atomic.Pointer instead of sync.Mutex
* Controller API: introduce controller's information endpoint
* Prevent generation of empty events after channel closure
* Allow events to be buffered in the events channel
* Controller API: introduce controller's information endpoint[1]
* IntegrationGuide.md: a couple of Python and Golang examples
* Rephrase a sentence
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
---------
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
* Fail VMs if the worker had crashed/is unhealthy
* OnDiskName: properly handle cases when VM's name contains hyphens
* Worker: introduce Offline() method and check it before scheduling
* tart.List(): use Tart's JSON output
* OnDiskName: remove empty parts check
* Scheduler: move health-checking logic to a separate function
* Only fail "running" VMs
* Only fail orphaned VMs if they're in terminal state
* Integration tests
* Run healthCheckingLoopIteration() before schedulingLoopIteration()
* Worker: sync on-disk VMs only once at start
Before we had two main loops: controller loop to assign VMs and worker loop to start VMs. Each of the loops was performed upon an interval every N seconds.
This change introduces a mechanism for reactively requesting loop execution:
1. Controller loop will be executed upon VM creation to try to immediately schedule.
2. A worker will be notified upon a VM assignment and worker loop will be requested to sync immediately.
Fixes #31
* Resources support
* Ability to provide VM and worker resources via the CLI
* orchard dev: always listen on :6120
* orchard dev: support --resources
* REST API: provide resource defaults when creating VM
* OpenAPI: document "resources" field
* orchard dev: serve Swagger API documentation on /v1/
* Integration guide
* Simplified bootstrapping of a cluster
Introduced a new convention about a pre-defined `bootstrap-admin` account for `orchard controller run`. Providing `ORCHARD_BOOTSTRAP_ADMIN_TOKEN` will auto-create such a user for easier configuration. `bootstrap-admin` can be used for creating other service accounts on the first run and after that can be disposed of.
Also change `orchard worker run` to expect controller URL as the only parameter and a bootstrap token passed via an argument instead of using a context that might not be created.
* Missing error check
* proxy.Connections(): handle "use of closed network connection" error
* Controller: less strict timeouts that work nicely for WebSockets
* Worker: only attempt connect to the gRPC once our UID is known
* Introduce "orchard ssh" and "orchard vnc" commands
* Worker: prevent context leak by moving logic into a separate function
* Fix linter errors
* Port forwarding integration test
* Check for "uname -mo" output
* Port forwarding support
* .golangci.yml: remove and replace deprecated and archived linters
* Client: pass credentials when calling WebSocket API methods
* API: require ServiceAccountRoleComputeWrite role for port forwarding
* Use Buf
* Rename Poll() RPC method to Watch()
* Split Rendezvous into two parts: Watcher and Proxy (#32)
* Split Rendezvous into two parts: Watcher and Proxy
* Implement Proxy cancellation
* Use Protocol Buffers structure directly in Watcher
* Fix TestWatcher after switching to Protocol Buffers structure
* portForwardVM(): ensure we also check for gin's context
* Generic Events
We can try to use these generic events for script execution and storing of the output logs in events with `log` kind.
* Lint issues
* Cleanup events upon VM deletion
* Basic integration test
* Run an actual VM in tests
* Apply suggestions from code review
Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com>
* Use POST
* Make newEventKey private
* Append events in batches
* Lint issues
* Private `scopePrefix`
---------
Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com>
* Initial version of the Orchard orchestration system
* Update README.md
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>