* Support URLs in hostDir policies
We can't just blindly allow remote URLs since they might contain symlinks leading to outside the archive. Instead, let's support specifying URLs where the remote archive can come from.
Fixes#145
* Ignore Lint issue
* Reverted old validation logic
* Switch from golang.org/x/net/websocket to nhooyr.io/websocket
* Do not attach errors that we can handle to the Gin's context
* Add missing newline to "no credentials specified or found, ..." message
* Fix potential NPE in ChooseUsernameAndPassword()
* Fix type in PortForward() error message in "orchard ssh vm"
* Fix potential NPE in Connections()
* Use header.Set() for consistency's sake for Authorization header
* Fix typo when passing arguments to tls.LoadX509KeyPair()
* Support TLS 1.2 too
* Do not require a controller to only present a single certificate
* No need to set ServerName since we use InsecureSkipVerify
* Use host's root CA set by default and support normal SNI scenarios
* Implement restart policy for VMs
* Do not update VM.Resource, we only use it as a read-only specification
* Err()/setErr(): use atomic.Pointer instead of sync.Mutex
* Controller API: introduce controller's information endpoint
* Prevent generation of empty events after channel closure
* Allow events to be buffered in the events channel
* Controller API: introduce controller's information endpoint[1]
* IntegrationGuide.md: a couple of Python and Golang examples
* Rephrase a sentence
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
---------
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
* Fail VMs if the worker had crashed/is unhealthy
* OnDiskName: properly handle cases when VM's name contains hyphens
* Worker: introduce Offline() method and check it before scheduling
* tart.List(): use Tart's JSON output
* OnDiskName: remove empty parts check
* Scheduler: move health-checking logic to a separate function
* Only fail "running" VMs
* Only fail orphaned VMs if they're in terminal state
* Integration tests
* Run healthCheckingLoopIteration() before schedulingLoopIteration()
* Worker: sync on-disk VMs only once at start
* Resources support
* Ability to provide VM and worker resources via the CLI
* orchard dev: always listen on :6120
* orchard dev: support --resources
* REST API: provide resource defaults when creating VM
* OpenAPI: document "resources" field
* orchard dev: serve Swagger API documentation on /v1/
* Integration guide
* Simplified bootstrapping of a cluster
Introduced a new convention about a pre-defined `bootstrap-admin` account for `orchard controller run`. Providing `ORCHARD_BOOTSTRAP_ADMIN_TOKEN` will auto-create such user for easier configuration. `bootstrap-admin` can be used for creating other service accounts on the first run and after that can be disposed.
Also change `orchard worker run` to expect controller URL as the only parameter and a bootstrap token passed via an argument instead of using a context that might not be created.
* Missing error check
* Port forwarding support
* .golangci.yml: remove and replace deprecated and archived linters
* Client: pass credentials when calling WebSocket API methods
* API: require ServiceAccountRoleComputeWrite role for port forwarding
* Use Buf
* Rename Poll() RPC method to Watch()
* Split Rendezvous into two parts: Watcher and Proxy (#32)
* Split Rendezvous into two parts: Watcher and Proxy
* Implement Proxy cancellation
* Use Protocol Buffers structure directly in Watcher
* Fix TestWatcher after switching to Protocol Buffers structure
* portForwardVM(): ensure we also check for gin's context
* Generic Events
We can try to use these generic events for script execution and storing of the output logs in events with `log` kind.
* Lint issues
* Cleanup events upon VM deletion
* Basic integration test
* Run an actual VM in tests
* Apply suggestions from code review
Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com>
* Use POST
* Make newEventKey private
* Append events in batches
* Lint issues
* Private `scopePrefix`
---------
Co-authored-by: Nikolay Edigaryev <edigaryev@gmail.com>
* Initial version of the Orchard orchestration system
* Update README.md
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
Co-authored-by: Fedor Korotkov <fedor.korotkov@gmail.com>
Fedor Korotkov
Nikolay Edigaryev