diff --git a/components/edge-identity/frontend/src/app/pages/detail-dialog/detail-dialog.component.html b/components/edge-identity/frontend/src/app/pages/detail-dialog/detail-dialog.component.html
index 1305a3f..7e72315 100644
--- a/components/edge-identity/frontend/src/app/pages/detail-dialog/detail-dialog.component.html
+++ b/components/edge-identity/frontend/src/app/pages/detail-dialog/detail-dialog.component.html
@@ -11,6 +11,11 @@
{{ crdText }}
+

+ For more information on how to setup and provision an edge, visit the + Edge installation guide +

+
diff --git a/docs/example/fl-edge/config/agent.conf b/docs/example/fl-edge/config/agent.conf
deleted file mode 100644
index 515ac9d..0000000
--- a/docs/example/fl-edge/config/agent.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-agent {
- data_dir = "/run/spire"
- log_level = "DEBUG"
- join_token = "$SPIRE_AGENT_JOIN_TOKEN"
- server_address = "$SPIRE_AGENT_SERVER_ADDRESS"
- # Locally port-forwarded istio's https ingress gateway
- server_port = "8443"
- socket_path = "/run/spire/sockets/agent.sock"
- trust_domain = "katulu.io"
- # For ease of use with the edge-simulator/demo, the spire-server identity is
- # not verified. Otherwise we need to download the ca.crt and have it available
- # in this agent
- insecure_bootstrap = true
-}
-
-plugins {
- NodeAttestor "join_token" {
- plugin_data {
- }
- }
-
- KeyManager "memory" {
- plugin_data {
- }
- }
-
- WorkloadAttestor "k8s" {
- plugin_data {
- skip_kubelet_verification = true
- }
- }
-}
diff --git a/docs/example/fl-edge/kustomization.yaml b/docs/example/fl-edge/kustomization.yaml
index f1b6fd1..09d3115 100644
--- a/docs/example/fl-edge/kustomization.yaml
+++ b/docs/example/fl-edge/kustomization.yaml
@@ -3,87 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../release-manifests/fl-edge/kustomize/fl-edge/overlays/ - -replacements: - - source: - kind: ConfigMap - name: fl-operator-params - namespace: katulu-fl - fieldPath: - data.fl_orchestrator_sni - targets: - - select: - name: floperator-sample - namespace: katulu-fl - kind: FlOperator - fieldPaths: - - spec.orchestrator-url - - spec.orchestrator-sni - - source: - kind: ConfigMap - name: fl-operator-params - namespace: katulu-fl - fieldPath: - data.fl_orchestrator_port - targets: - - select: - name: floperator-sample - namespace: katulu-fl - kind: FlOperator - fieldPaths: - - spec.orchestrator-port - options: - create: true - -patches: - - patch: |- - - op: add - path: /spec/template/spec/containers/0/env - value: - - name: SPIRE_AGENT_JOIN_TOKEN - valueFrom: - secretKeyRef: - name: spire-server-creds - key: spire_agent_join_token - - name: SPIRE_AGENT_SERVER_ADDRESS - valueFrom: - secretKeyRef: - name: spire-server-creds - key: spire_agent_server_address - - op: remove - path: /spec/template/spec/initContainers - target: - group: apps - version: v1 - kind: DaemonSet - name: spire-agent - namespace: spire - -configMapGenerator: - - name: fl-operator-params - namespace: katulu-fl - envs: - - config/fl-operator-params.env - - - name: spire-agent - namespace: spire - behavior: replace - files: - - config/agent.conf - -secretGenerator: - - name: regcred - namespace: katulu-fl - type: kubernetes.io/dockerconfigjson - files: - - .dockerconfigjson=config/internal-registry-credentials.json - - - name: spire-server-creds - namespace: spire - type: Opaque - envs: - - config/spire-server-creds.env - -generatorOptions: - disableNameSuffixHash: true + - ../../release-manifests/fl-edge/kustomize/fl-operator/base/ diff --git a/docs/init-edge.sh b/docs/init-edge.sh deleted file mode 100755 index a1f89ee..0000000 --- a/docs/init-edge.sh +++ /dev/null 
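Review bot: The only resource left in this kustomization, `../../release-manifests/fl-edge/kustomize/fl-operator/base/`, resolves to a directory that the installation guide in this same commit fills by downloading the first asset of the latest release. As a result, what `kustomize build example/fl-edge | kubectl apply -f -` applies to the edge cluster is neither pinned to a release tag nor integrity-checked anywhere in this file. A comment above the entry would make that dependency visible to anyone reading the overlay on its own, for example `# populated by step 1 of the edge installation guide; pin the release tag and verify the archive before applying`. Whether `release-manifests/` is also tracked in the repository is not visible from this hunk, so confirm that before wording the comment.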
@@ -1,62 +0,0 @@ -#!/usr/bin/env bash - -set -e - -K8S_NODE_NAME=local-edge-control-plane -SPIRE_AGENT_HOSTNAME=$(hostname)-local-edge - -# Create spire agent's join token -SPIRE_AGENT_JOIN_TOKEN=$(kubectl exec -n spire spire-server-0 -c spire-server -- \ - /opt/spire/bin/spire-server token generate -spiffeID "spiffe://katulu.io/$SPIRE_AGENT_HOSTNAME" -ttl 3600 | \ - awk '{print $2}') - -# Allow the local-edge kind cluster's fl-clients to communicate with the fl-server -kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry create \ - -parentID "spiffe://katulu.io/$SPIRE_AGENT_HOSTNAME" \ - -spiffeID spiffe://katulu.io/flower-client \ - -selector "k8s:node-name:$K8S_NODE_NAME" \ - -selector "k8s:ns:katulu-fl" \ - -selector "k8s:pod-label:app:flower-client" -# Allow the local-edge kind cluster's fl-operator to communicate with the fl-orchestrator -kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry create \ - -parentID "spiffe://katulu.io/$SPIRE_AGENT_HOSTNAME" \ - -spiffeID spiffe://katulu.io/fl-operator \ - -selector "k8s:node-name:$K8S_NODE_NAME" \ - -selector "k8s:ns:katulu-fl" \ - -selector "k8s:pod-label:app:fl-operator-envoyproxy" - -KUSTOMIZE_PARAMS_DIR=example/fl-edge/config - -# Setup spire agent to communicate with the spire server -SPIRE_AGENT_SERVER_ADDRESS=$(kubectl -n spire get virtualservice spire-server -o jsonpath='{ .spec.hosts[0] }') -cat < "$KUSTOMIZE_PARAMS_DIR/spire-server-creds.env" -spire_agent_join_token=$SPIRE_AGENT_JOIN_TOKEN -spire_agent_server_address=$SPIRE_AGENT_SERVER_ADDRESS -EOF - -# Setup fl-operator to communicate with the fl-orchestrator -FL_ORCHESTRATOR_SNI=$(kubectl -n katulu-fl get virtualservice fl-orchestrator-envoyproxy -o jsonpath='{ .spec.hosts[0] }') -cat < "$KUSTOMIZE_PARAMS_DIR/fl-operator-params.env" -fl_orchestrator_sni=$FL_ORCHESTRATOR_SNI -fl_orchestrator_port=8443 -EOF - -# Deploy kind cluster that uses fl-suite's container registry 
-CONTAINER_REGISTRY_FQDN=$(kubectl -n container-registry get virtualservice container-registry -o jsonpath='{ .spec.hosts[0] }') -export CONTAINER_REGISTRY_FQDN - -kubectl -n katulu-fl get secret internal-registry-credentials -o jsonpath='{ .data.\.dockerconfigjson }' | base64 -d > "$KUSTOMIZE_PARAMS_DIR/internal-registry-credentials.json" -envsubst < 📝 Kubernetes < `v1.21.x` is needed due to [`no matches for kind "CustomResourceDefinition error`](https://github.com/kubeflow/manifests/issues/2028) +* [kubectl installed](https://kubernetes.io/docs/tasks/tools/#kubectl) and [configured](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) to use the kubernetes cluster. +* [kustomize installed](https://kubectl.docs.kubernetes.io/installation/kustomize/). +* [curl](https://curl.se/download.html). +* [python3](https://www.python.org/downloads/): To fetch the latest release tag. +* The [fl-suite repository](https://github.com/katulu-io/fl-suite) cloned and current working directory in `/path/to/cloned/fl-suite/docs` + +## Deploy a fl-edge + +### 1. Download the fl-edge manifests: + +```shell +LATEST_RELEASE_URL=$(curl -s "https://api.github.com/repos/katulu-io/fl-suite/releases/latest") +FL_EDGE_MANIFESTS_URL=$(echo $LATEST_RELEASE_URL | python3 -c 'import json,sys;print(json.load(sys.stdin)["assets"][0]["url"])') +mkdir -p release-manifests/fl-edge && curl -s -L -H "Accept: application/octet-stream" "$FL_EDGE_MANIFESTS_URL" | tar xzf - --strip-components=1 -C release-manifests/fl-edge +``` + +### 2. Install the fl-edge manifests + +```shell +while ! kustomize build example/fl-edge | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done +``` + +Wait for all the pods to be ready: + +```shell +kubectl get pods -n fl-operator-system +``` + +### 3. Create a new edge-identity + +Go to the running instance of the fl-suite and create a new edge: + +![](../images/fl-suite-menu.png) +
+ +![](../images/fl-suite-edges.png) +
+ +![](../images/fl-suite-edge-form.png) +
+ +### 4. Deploy the edge-identity resources + +Copy the resources from the new edge by pressing the *Copy* button: + +![](../images/fl-suite-new-edge.png) +
+ +Apply the resources into the fl-edge kubernetes cluster: + +```shell +kubectl apply -f - < - - -## Deploy a fl-edge - -To emulate an edge deployment we will use [kind](https://kind.sigs.k8s.io). - -### 1. Download the fl-edge manifests: - -```shell -LATEST_RELEASE_URL=$(curl -s "https://api.github.com/repos/katulu-io/fl-suite/releases/latest") -FL_EDGE_MANIFESTS_URL=$(echo $LATEST_RELEASE_URL | python3 -c 'import json,sys;print(json.load(sys.stdin)["assets"][0]["url"])') -mkdir -p release-manifests/fl-edge && curl -s -L -H "Accept: application/octet-stream" "$FL_EDGE_MANIFESTS_URL" | tar xzf - --strip-components=1 -C release-manifests/fl-edge -``` - -### 2. Create the kubernetes edge cluster - -> đŸŒģ It is expected that KUBECONFIG is configured to access the cluster used in the [Deploy fl-suite](#Deploy-fl-suite) steps. - -```shell -curl -s https://raw.githubusercontent.com/katulu-io/fl-suite/beta/docs/init-edge.sh | bash -Entry ID : b254ae23-bc60-4e7e-98af-963f71aebeff -SPIFFE ID : spiffe://katulu.io/flower-client -Parent ID : spiffe://katulu.io/hostname-local-edge -Revision : 0 -TTL : default -Selector : k8s:node-name:local-edge-control-plane -Selector : k8s:ns:katulu-fl -Selector : k8s:pod-label:app:flower-client - -Entry ID : de6a9efb-7c26-48c5-b1ea-216dc18c556f -SPIFFE ID : spiffe://katulu.io/fl-operator -Parent ID : spiffe://katulu.io/hostname-local-edge -Revision : 0 -TTL : default -Selector : k8s:node-name:local-edge-control-plane -Selector : k8s:ns:katulu-fl -Selector : k8s:pod-label:app:fl-operator-envoyproxy - -Creating cluster "local-edge" ... - ✓ Ensuring node image (kindest/node:v1.21.10) đŸ–ŧ - ✓ Preparing nodes đŸ“Ļ - ✓ Writing configuration 📜 - ✓ Starting control-plane 🕹ī¸ - ✓ Installing CNI 🔌 - ✓ Installing StorageClass 💾 -Set kubectl context to "kind-local-edge" -You can now use your cluster with: - -kubectl cluster-info --context kind-local-edge --kubeconfig local-edge-kubeconfig.yaml - -Have a question, bug, or feature request? 
Let us know! https://kind.sigs.k8s.io/#community 🙂 -``` - -Wait for the kubernetes' kind node is ready: - -```shell -export KUBECONFIG=$(pwd)/local-edge-kubeconfig.yaml -kubernetes get nodes -NAME STATUS ROLES AGE VERSION -local-edge-control-plane Ready control-plane,master 11m v1.21.10 -``` - -### 3. Deploy the kustomize manifests - -```shell -while ! kustomize build example/fl-edge | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done -``` - -Wait for all the pods to be ready: - -```shell -kubectl get pods -n spire -kubectl get pods -n fl-operator-system -kubectl get pods -n katulu-fl -``` diff --git a/docs/teardown-edge.sh b/docs/teardown-edge.sh deleted file mode 100755 index 5b4ce2c..0000000 --- a/docs/teardown-edge.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -set -e - -SPIRE_AGENT_HOSTNAME=$(hostname)-local-edge - -FLOWER_CLIENT_ENTRY_IDS=$(kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry show -parentID "spiffe://katulu.io/$SPIRE_AGENT_HOSTNAME" | grep "Entry ID" | awk '{ print $4 }') - -for entry_id in $FLOWER_CLIENT_ENTRY_IDS; do - kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry delete -entryID "$entry_id" -done - -SPIRE_AGENT_ENTRY_ID=$(kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry show -spiffeID "spiffe://katulu.io/$SPIRE_AGENT_HOSTNAME" | grep "Entry ID" | awk '{ print $4 }') -kubectl exec -n spire spire-server-0 -c spire-server -- /opt/spire/bin/spire-server entry delete -entryID "$SPIRE_AGENT_ENTRY_ID" - -kind delete cluster --name local-edge diff --git a/images/fl-suite-edge-form.png b/images/fl-suite-edge-form.png new file mode 100644 index 0000000..83a440e Binary files /dev/null and b/images/fl-suite-edge-form.png differ diff --git a/images/fl-suite-edges.png b/images/fl-suite-edges.png new file mode 100644 index 0000000..dafebd4 Binary files /dev/null and b/images/fl-suite-edges.png differ 
diff --git a/images/fl-suite-menu.png b/images/fl-suite-menu.png
new file mode 100644
index 0000000..5c6225e
Binary files /dev/null and b/images/fl-suite-menu.png differ
diff --git a/images/fl-suite-new-edge.png b/images/fl-suite-new-edge.png
new file mode 100644
index 0000000..9105740
Binary files /dev/null and b/images/fl-suite-new-edge.png differ