veracruz-project · alexandref75 · Nov 1, 2021 · Nov 1, 2021 · Nov 1, 2021 · Nov 2, 2021
diff --git a/i-poc/Makefile b/i-poc/Makefile
@@ -12,11 +12,12 @@
 #
 
 IMAGE_SUBDIRS=vaas-server ccfaas-app iotex-s3-app
+VERACRUZ_NITRO_IMAGE=veracruz/veracruz-nitro:v1.3.3
 
 all: veracruz-client k8s-config
 
 veracruz-client:
-	CONTAINERID=$(shell docker create veracruz/veracruz-nitro:v1.2.0); \
+	CONTAINERID=$(shell docker create $(VERACRUZ_NITRO_IMAGE)); \
 	docker cp $$CONTAINERID:/work/veracruz-client/veracruz-client veracruz-client; \
 	docker cp $$CONTAINERID:/work/veracruz-client/hash hash; \
 	docker rm $$CONTAINERID

diff --git a/i-poc/README.md b/i-poc/README.md
diff --git a/i-poc/ccfaas-app/Dockerfile b/i-poc/ccfaas-app/Dockerfile
@@ -10,7 +10,7 @@
 # and copyright information.
 #
 
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 RUN apt-get update -y;apt-get upgrade -y;apt-get install -y netcat curl python3-pip;apt-get -y clean
 

diff --git a/i-poc/ccfaas-app/Makefile b/i-poc/ccfaas-app/Makefile
@@ -10,15 +10,15 @@
 # example repository root directory for copyright and licensing information.
 #
 #
-VERSION=0.87.26
+VERSION=0.87.28
 
 all: image
 
 veracruz-client: ../veracruz-client
 	cp ../veracruz-client veracruz-client
 
 veracruz-ccfaas-server.imageOK: Dockerfile ccfaas-server.py ccfaas-server.sh veracruz-client load_program.sh load_data.sh
-	docker build -t veracruz-ccfaas-server:$(VERSION) .
+	docker build --output type=docker -t veracruz-ccfaas-server:$(VERSION) .
 	touch veracruz-ccfaas-server.imageOK
 
 image: veracruz-ccfaas-server.imageOK

diff --git a/i-poc/charts/veracruz-nitro-demo/Chart.yaml b/i-poc/charts/veracruz-nitro-demo/Chart.yaml
@@ -0,0 +1,42 @@
+apiVersion: v2
+name: veracruz-nitro-demo
+description: deploy veracruz nitro demo running nitro on aws
+
+home: https://veracruz-project.github.io
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
+kubeVersion: ">=1.18.0-0"
+
+sources:
+  - https://github.com/veracruz-project/veracruz-examples
+
+annotations:
+  artifacthub.io/changes: |
+    - Initial release
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/maintainers: |
+    - name: Alexandre Peixoto Ferreira
+      email: [email protected]
+  artifacthub.io/prerelease: "false"
+  artifacthub.io/signKey: |
+    fingerprint: 71EDA4E3D652DC73EB09E3A5387D298C169CF24E
+    url: https://smarter-project.github.io/documentation/pgp_keys.asc
diff --git a/i-poc/charts/veracruz-nitro-demo/README.md b/i-poc/charts/veracruz-nitro-demo/README.md
@@ -0,0 +1,29 @@
+# Veracruz Nitro Demo
+
+This chart deploys Veracruz AWS nitro demo into a k8s/k3s cluster.
+
+For more information on Veracruz go to https://github.com/veracruz-project or this example go to https://github.com/veracruz-project/veracruz-examples/tree/main/i-poc
+
+## TL;DR
+
+```console
+helm install veracruz-nitro-demo charts/veracruz-nitro-demo
+```
+
+# Overview
+
+
+# Prerequisites
+
+This chart assumes a full deployment of k3s with traefik, etc.
+
+* k3s 1.25+
+* Helm 3.2.0+
+
+# Uninstalling the Chart
+
+```
+$ helm delete veracruz-nitro-demo
+```
+
+# Parameters
diff --git a/i-poc/charts/veracruz-nitro-demo/helm-script.sh b/i-poc/charts/veracruz-nitro-demo/helm-script.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+export PUBLIC_HOSTNAME=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
+export LOCAL_IP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
+
+#helm template \
+helm install i-poc-example \
+	--set-file config.CACERT=../../main-k3s/CACert.pem \
+	--set-file config.CAKEY=../../main-k3s/CAKey.pem \
+	--set-file config.PROGCERT=../../main-k3s/PROGCert.pem \
+	--set-file config.PROGKEY=../../main-k3s/PROGKey.pem \
+	--set config.externalIPUse=${LOCAL_IP} \
+	--set-file config.nitroHash=../../hash \
+	--set config.veracruzEndpointHostname=${PUBLIC_HOSTNAME} \
+	.
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/iotex-s3-app-deploy.yaml b/i-poc/charts/veracruz-nitro-demo/templates/iotex-s3-app-deploy.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: iotex-s3-app
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      iotex-s3: app
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        iotex-s3: app
+    spec:
+      containers:
+      - name: iotex-s3-app
+        image: veracruz/iotex-s3-veracruz-app:{{ .Values.iotexS3Veracruz.image }}
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 5000
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+        resources:
+          limits:
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/iotex-s3-app-service.yaml b/i-poc/charts/veracruz-nitro-demo/templates/iotex-s3-app-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: iotex-s3-app
+spec:
+  selector:
+    iotex-s3: app
+  ports:
+    - protocol: TCP
+      port: 5020
+      targetPort: 5000
+      name: iotex-s3-app
+  externalIPs:
+    - {{ .Values.config.externalIPUse }}
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/smarter-device-manager-configmap-ec2-nitro.yaml b/i-poc/charts/veracruz-nitro-demo/templates/smarter-device-manager-configmap-ec2-nitro.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: smarter-device-manager-ec2-nitro
+data:
+  conf.yaml: |
+        - devicematch: ^nitro_enclaves$
+          nummaxdevices: 1
+        - devicematch: ^vsock$
+          nummaxdevices: 1
+        - devicematch: ^rtc0$
+          nummaxdevices: 20
+        - devicematch: ^ttyUSB[0-9]*$
+          nummaxdevices: 1
+        - devicematch: ^ttyACM[0-9]*$
+          nummaxdevices: 1
+        - devicematch: ^ttyTHS[0-9]*$
+          nummaxdevices: 1
+        - devicematch: ^ttyS[0-9]*$
+          nummaxdevices: 1
diff --git a/...rts/veracruz-nitro-demo/templates/smarter-device-manager-ds-with-configmap-ec2-nitro.yaml b/...rts/veracruz-nitro-demo/templates/smarter-device-manager-ds-with-configmap-ec2-nitro.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: smarter-device-manager-ec2-nitro
+  labels:
+    name: smarter-device-manager-ec2-nitro
+    role: agent
+spec:
+  selector:
+    matchLabels:
+      name: smarter-device-manager-ec2-nitro
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels: 
+        name: smarter-device-manager-ec2-nitro
+      annotations:
+        node.kubernetes.io/bootstrap-checkpoint: "true"
+    spec: 
+      nodeSelector:
+        smarter-device-manager: enabled
+      priorityClassName: "system-node-critical"
+      hostname: smarter-device-management-ec2-nitro
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+      - name: smarter-device-manager-ec2-nitro
+        image: registry.gitlab.com/arm-research/smarter/smarter-device-manager:{{ .Values.smarterDeviceManager.image }}
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        resources:
+          limits:
+            cpu: 100m
+            memory: 15Mi
+          requests:
+            cpu: 10m
+            memory: 15Mi
+        volumeMounts:
+          - name: device-plugin
+            mountPath: /var/lib/kubelet/device-plugins
+          - name: dev-dir
+            mountPath: /dev
+          - name: sys-dir
+            mountPath: /sys
+          - name: config
+            mountPath: /root/config
+      volumes:
+        - name: device-plugin
+          hostPath:
+            path: /var/lib/kubelet/device-plugins
+        - name: dev-dir
+          hostPath:
+            path: /dev
+        - name: sys-dir
+          hostPath:
+            path: /sys
+        - name: config
+          configMap:
+             name: smarter-device-manager-ec2-nitro
+      terminationGracePeriodSeconds: 30
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-configmap.yaml b/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: veracruz-ccfaas-app
+data:
+  PROGCert.pem: {{ toJson .Values.config.PROGCERT }}
+  PROGKey.pem: {{ toJson .Values.config.PROGKEY }}
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-deploy.yaml b/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-deploy.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ccfaas-server-app
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      ccfaas-server: app
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        ccfaas-server: app
+    spec:
+      containers:
+      - name: ccfaas-server-app
+        image: veracruz/veracruz-ccfaas-server:{{ .Values.veracruzCCFaas.image }}
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: VAAS_ACCESS_URL
+          value: "http://vaas-server-app:5000"
+        ports:
+        - containerPort: 5000
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+        resources:
+          limits:
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+          - name: config
+            mountPath: /root/config
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: config
+          configMap:
+             name: veracruz-ccfaas-app
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-service.yaml b/i-poc/charts/veracruz-nitro-demo/templates/veracruz-ccfaas-app-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ccfaas-server-app
+spec:
+  selector:
+    ccfaas-server: app
+  ports:
+    - protocol: TCP
+      port: 5010
+      targetPort: 5000
+      name: ccfaas-server-app
+  externalIPs:
+    - {{ .Values.config.externalIPUse }}
diff --git a/i-poc/charts/veracruz-nitro-demo/templates/veracruz-nitro-proxy-configmap.yaml b/i-poc/charts/veracruz-nitro-demo/templates/veracruz-nitro-proxy-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: veracruz-nitro-proxy
+data:
+  CACert.pem: {{ toJson .Values.config.CACERT }}
+  CAKey.pem: {{ toJson .Values.config.CAKEY }}