Release manager bundles v0.0.55 (core v0.0.42, postgres v0.5.14) and shim bundle v0.0.1 (core v0.0.1) (#705)

Author: PhilippMatthes

.github/renovate.json

@@ -22,13 +22,57 @@
     "gomodTidy",
     "gomodUpdateImportPaths"
   ],
+  "regexManagers": [
+    {
+      "fileMatch": ["^Makefile$"],
+      "matchStrings": ["CONTROLLER_TOOLS_VERSION \\?= (?<currentValue>v[\\d.]+)"],
+      "depNameTemplate": "sigs.k8s.io/controller-tools",
+      "datasourceTemplate": "go"
+    },
+    {
+      "fileMatch": ["^Makefile$"],
+      "matchStrings": ["GOLANGCI_LINT_VERSION \\?= (?<currentValue>v[\\d.]+)"],
+      "depNameTemplate": "github.com/golangci/golangci-lint/v2",
+      "datasourceTemplate": "go"
+    },
+    {
+      "fileMatch": ["^Makefile$"],
+      "matchStrings": ["GOTESTSUM_VERSION \\?= (?<currentValue>v[\\d.]+)"],
+      "depNameTemplate": "gotest.tools/gotestsum",
+      "datasourceTemplate": "go"
+    },
+    {
+      "fileMatch": ["^postgres/Dockerfile$"],
+      "matchStrings": ["FROM (?<depName>[^:\\n]+):(?<currentValue>[^@\\n]+)@sha256:(?<currentDigest>[a-f0-9]+)"],
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": ["^postgres/Dockerfile$"],
+      "matchStrings": ["ENV PG_VERSION (?<currentValue>[\\d]+\\.[\\d]+)-[^\\n]+"],
+      "depNameTemplate": "postgres",
+      "datasourceTemplate": "docker",
+      "versioningTemplate": "semver-coerced",
+      "autoReplaceStringTemplate": "ENV PG_VERSION {{{newValue}}}-1.pgdg13+1"
+    }
+  ],
   "packageRules": [
     {
       "matchPackageNames": [
         "golang"
       ],
       "allowedVersions": "1.26.x"
     },
+    {
+      "matchPackageNames": [
+        "postgres"
+      ],
+      "matchFileNames": [
+        "postgres/Dockerfile"
+      ],
+      "allowedVersions": "17.x",
+      "automerge": true,
+      "groupName": "postgres Dockerfile"
+    },
     {
       "matchPackageNames": [
         "/^github\\.com\\/sapcc\\/.*/"
@@ -39,6 +83,7 @@
     {
       "matchPackageNames": [
         "!/^github\\.com\\/sapcc\\/.*/",
+        "!postgres",
         "/.*/"
       ],
       "matchUpdateTypes": [
@@ -60,4 +105,4 @@
     "before 8am on Friday"
   ],
   "semanticCommits": "disabled"
-}
+}

.github/workflows/push-charts.yaml

@@ -27,25 +27,6 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Get all changed helm/library/cortex Chart.yaml files
-        id: changed-chart-yaml-files-core
-        uses: tj-actions/changed-files@v47
-        with:
-          files: |
-            helm/library/cortex/Chart.yaml
-      - name: Push cortex core charts to registry
-        if: steps.changed-chart-yaml-files-core.outputs.all_changed_files != ''
-        shell: bash
-        env:
-          ALL_CHANGED_FILES: ${{ steps.changed-chart-yaml-files-core.outputs.all_changed_files }}
-        run: |
-          for CHART_FILE in ${ALL_CHANGED_FILES}; do
-            CHART_DIR=$(dirname $CHART_FILE)
-            helm package $CHART_DIR --dependency-update --destination $CHART_DIR
-            CHART_PACKAGE=$(ls $CHART_DIR/*.tgz)
-            helm push $CHART_PACKAGE oci://${{ env.REGISTRY }}/${{ github.repository }}/charts/
-          done
-
       - name: Get all changed library Chart.yaml files
         id: changed-chart-yaml-files-library
         uses: tj-actions/changed-files@v47

.github/workflows/push-images.yaml

@@ -72,6 +72,55 @@ jobs:
           subject-digest: ${{ steps.push_cortex_postgres.outputs.digest }}
           push-to-registry: true
 
+      # Only build and push the cortex-shim image if there are changes related
+      # to the cortex shims (e.g., in cmd/shim or internal/shim).
+      - name: Get all changed shim/ files
+        id: changed_shim_files
+        uses: tj-actions/changed-files@v47
+        with:
+          files: |
+            cmd/shim/**
+            internal/shim/**
+            api/**
+            pkg/**
+            go.mod
+            go.sum
+            Dockerfile
+      - name: Docker Meta (Cortex Shim)
+        if: steps.changed_shim_files.outputs.all_changed_files != ''
+        id: meta_cortex_shim
+        uses: docker/metadata-action@v6
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}-shim
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+            latest
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 8
+      - name: Build and Push Cortex Shim
+        if: steps.changed_shim_files.outputs.all_changed_files != ''
+        id: push_cortex_shim
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta_cortex_shim.outputs.tags }}
+          labels: ${{ steps.meta_cortex_shim.outputs.labels }}
+          build-args: |
+            GIT_TAG=${{ github.ref_name }}
+            GIT_COMMIT=${{ github.sha }}
+            GOMAIN=cmd/shim/main.go
+      - name: Generate Artifact Attestation for Cortex Shim
+        if: steps.changed_shim_files.outputs.all_changed_files != ''
+        uses: actions/attest-build-provenance@v4
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-shim
+          subject-digest: ${{ steps.push_cortex_shim.outputs.digest }}
+          push-to-registry: true
+
       # Build & push new cortex image
       - name: Docker Meta (Cortex)
         id: meta_cortex
@@ -98,6 +147,7 @@ jobs:
           build-args: |
             GIT_TAG=${{ github.ref_name }}
             GIT_COMMIT=${{ github.sha }}
+            GOMAIN=cmd/manager/main.go
       - name: Generate Artifact Attestation for Cortex
         uses: actions/attest-build-provenance@v4
         with:

.github/workflows/test.yaml

@@ -60,7 +60,7 @@ jobs:
       # Steps below are only executed if the workflow is triggered by a pull request
       - name: Delete old coverage comments (PR only)
         if: ${{ github.event_name == 'pull_request' }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         with:
           script: |
             const { data: comments } = await github.rest.issues.listComments({
@@ -86,7 +86,7 @@ jobs:
           path: .
       - name: Post coverage comment (PR only)
         if: ${{ github.event_name == 'pull_request' }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         # For external contributors, posting comments fail due to permission issues.
         continue-on-error: true
         with:

.github/workflows/update-appversion.yml

@@ -44,6 +44,27 @@ jobs:
           git commit -m "Bump cortex-postgres chart appVersions to ${{ steps.vars.outputs.sha }} [skip ci]" || echo "No changes to commit"
           git push origin HEAD:main
 
+      # Only bumped if there are changes in shim-related directories
+      - name: Get all changed shim files
+        id: changed_shim_files
+        uses: tj-actions/changed-files@v47
+        with:
+          files: |
+            internal/shim/**
+            cmd/shim/**
+      - name: Update appVersion in cortex-shim Chart.yaml
+        if: steps.changed_shim_files.outputs.all_changed_files != ''
+        run: |
+          sed -i 's/^\([ ]*appVersion:[ ]*\).*/\1"${{ steps.vars.outputs.sha }}"/' helm/library/cortex-shim/Chart.yaml
+      - name: Commit and push changes for cortex-shim
+        if: steps.changed_shim_files.outputs.all_changed_files != ''
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add helm/library/cortex-shim/Chart.yaml
+          git commit -m "Bump cortex-shim chart appVersions to ${{ steps.vars.outputs.sha }} [skip ci]" || echo "No changes to commit"
+          git push origin HEAD:main
+
       - name: Update appVersion in helm/library/cortex/Chart.yaml
         run: |
           sed -i 's/^\([ ]*appVersion:[ ]*\).*/\1"${{ steps.vars.outputs.sha }}"/' helm/library/cortex/Chart.yaml

.gitignore

@@ -34,6 +34,7 @@ cortex.secrets.yaml
 !.editorconfig
 !.gitignore
 !.github
+!.gitkeep
 !.golangci.yaml
 !.license-scan-overrides.jsonl
 !.license-scan-rules.json

AGENTS.md

@@ -50,7 +50,8 @@ Helm charts:
 ## Repository Structure
 
 Code:
-- `cmd/main.go` is the entry point for the manager, which starts the controllers and webhooks
+- `cmd/manager/main.go` is the entry point for the manager, which starts the controllers and webhooks
+- `cmd/shim/main.go` is the entry point for cortex shims exposing cortex capabilities over REST endpoints
 - `api/v1alpha1` is where the CRD specs of cortex lives
 - `api/external` contains messages sent to cortex via http from external openstack services
 - `internal/scheduling` contains the logic for scheduling in different cloud domains

Dockerfile

@@ -6,6 +6,8 @@ ARG TARGETARCH
 ARG GO_MOD_PATH=.
 ARG GOCACHE=/root/.cache/go-build
 ENV GOCACHE=${GOCACHE}
+ARG GOMAIN=cmd/manager/main.go
+ENV GOMAIN=${GOMAIN}
 
 # Note: avoid using COPY to /lib which will lead to docker build errors.
 WORKDIR /workspace/${GO_MOD_PATH}
@@ -29,13 +31,13 @@ ENV GOOS=${TARGETOS:-linux}
 ENV GOARCH=${TARGETARCH}
 RUN --mount=type=cache,target=/go/pkg/mod/ \
     --mount=type=cache,target=${GOCACHE} \
-    go build -a -o /manager cmd/main.go
+    go build -a -o /main ${GOMAIN}
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /manager .
+COPY --from=builder /main .
 USER 65532:65532
 
-ENTRYPOINT ["/manager"]
+ENTRYPOINT ["/main"]

Makefile

@@ -58,8 +58,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
 GOTESTSUM = $(LOCALBIN)/gotestsum
 
-CONTROLLER_TOOLS_VERSION ?= v0.20.0
-GOLANGCI_LINT_VERSION ?= v2.9.0
+CONTROLLER_TOOLS_VERSION ?= v0.20.1
+GOLANGCI_LINT_VERSION ?= v2.11.4
 GOTESTSUM_VERSION ?= v1.13.0
 
 .PHONY: controller-gen

Tiltfile

@@ -7,7 +7,10 @@
 analytics_settings(False)
 
 # Use the ACTIVE_DEPLOYMENTS env var to select which Cortex bundles to deploy.
-ACTIVE_DEPLOYMENTS_ENV = os.getenv('ACTIVE_DEPLOYMENTS', 'nova,manila,cinder,ironcore,pods')
+ACTIVE_DEPLOYMENTS_ENV = os.getenv(
+    'ACTIVE_DEPLOYMENTS',
+    'nova,manila,cinder,ironcore,pods,placement',
+)
 if ACTIVE_DEPLOYMENTS_ENV == "":
     ACTIVE_DEPLOYMENTS = [] # Catch "".split(",") = [""]
 else:
@@ -50,6 +53,11 @@ helm_repo(
     'https://prometheus-community.github.io/helm-charts',
     labels=['Repositories'],
 )
+helm_repo(
+    'perses',
+    'https://perses.github.io/helm-charts',
+    labels=['Repositories'],
+)
 
 ########### Certmanager
 # Certmanager is required for the validating webhooks in the cortex bundles, so
@@ -78,13 +86,22 @@ local('kubectl wait --namespace cert-manager --for=condition=available deploymen
 url = 'https://raw.githubusercontent.com/cobaltcore-dev/openstack-hypervisor-operator/refs/heads/main/charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_hypervisors.yaml'
 local('curl -L ' + url + ' | kubectl apply -f -')
 
-########### Cortex Operator & CRDs
+########### Cortex Manager & CRDs
 docker_build('ghcr.io/cobaltcore-dev/cortex', '.',
     dockerfile='Dockerfile',
+    build_args={'GOMAIN': 'cmd/manager/main.go'},
     only=['internal/', 'cmd/', 'api/', 'pkg', 'go.mod', 'go.sum', 'Dockerfile'],
 )
 local('sh helm/sync.sh helm/library/cortex')
 
+########### Cortex Shim
+docker_build('ghcr.io/cobaltcore-dev/cortex-shim', '.',
+    dockerfile='Dockerfile',
+    build_args={'GOMAIN': 'cmd/shim/main.go'},
+    only=['internal/', 'cmd/', 'api/', 'pkg', 'go.mod', 'go.sum', 'Dockerfile'],
+)
+local('sh helm/sync.sh helm/library/cortex-shim')
+
 ########### Cortex Bundles
 docker_build('ghcr.io/cobaltcore-dev/cortex-postgres', 'postgres')
 
@@ -98,6 +115,7 @@ bundle_charts = [
     ('helm/bundles/cortex-cinder', 'cortex-cinder'),
     ('helm/bundles/cortex-ironcore', 'cortex-ironcore'),
     ('helm/bundles/cortex-pods', 'cortex-pods'),
+    ('helm/bundles/cortex-placement-shim', 'cortex-placement-shim'),
 ]
 dep_charts = {
     'cortex-crds': [
@@ -123,6 +141,9 @@ dep_charts = {
         ('helm/library/cortex-postgres', 'cortex-postgres'),
         ('helm/library/cortex', 'cortex'),
     ],
+    'cortex-placement-shim': [
+        ('helm/library/cortex-shim', 'cortex-shim'),
+    ],
 }
 
 for (bundle_chart_path, bundle_chart_name) in bundle_charts:
@@ -184,14 +205,14 @@ if 'nova' in ACTIVE_DEPLOYMENTS:
     k8s_resource('cortex-nova-knowledge-controller-manager', labels=['Cortex-Nova'])
     local_resource(
         'Scheduler E2E Tests (Nova)',
-        '/bin/sh -c "kubectl exec deploy/cortex-nova-scheduling-controller-manager -- /manager e2e-nova"',
+        '/bin/sh -c "kubectl exec deploy/cortex-nova-scheduling-controller-manager -- /main e2e-nova"',
         labels=['Cortex-Nova'],
         trigger_mode=TRIGGER_MODE_MANUAL,
         auto_init=False,
     )
     local_resource(
         'Commitments E2E Tests',
-        '/bin/sh -c "kubectl exec deploy/cortex-nova-scheduling-controller-manager -- /manager e2e-commitments"',
+        '/bin/sh -c "kubectl exec deploy/cortex-nova-scheduling-controller-manager -- /main e2e-commitments"',
         labels=['Cortex-Nova'],
         trigger_mode=TRIGGER_MODE_MANUAL,
         auto_init=False,
@@ -209,7 +230,7 @@ if 'manila' in ACTIVE_DEPLOYMENTS:
     k8s_resource('cortex-manila-knowledge-controller-manager', labels=['Cortex-Manila'])
     local_resource(
         'Scheduler E2E Tests (Manila)',
-        '/bin/sh -c "kubectl exec deploy/cortex-manila-scheduling-controller-manager -- /manager e2e-manila"',
+        '/bin/sh -c "kubectl exec deploy/cortex-manila-scheduling-controller-manager -- /main e2e-manila"',
         labels=['Cortex-Manila'],
         trigger_mode=TRIGGER_MODE_MANUAL,
         auto_init=False,
@@ -226,7 +247,7 @@ if 'cinder' in ACTIVE_DEPLOYMENTS:
     k8s_resource('cortex-cinder-knowledge-controller-manager', labels=['Cortex-Cinder'])
     local_resource(
         'Scheduler E2E Tests (Cinder)',
-        '/bin/sh -c "kubectl exec deploy/cortex-cinder-scheduling-controller-manager -- /manager e2e-cinder"',
+        '/bin/sh -c "kubectl exec deploy/cortex-cinder-scheduling-controller-manager -- /main e2e-cinder"',
         labels=['Cortex-Cinder'],
         trigger_mode=TRIGGER_MODE_MANUAL,
         auto_init=False,
@@ -255,6 +276,10 @@ if 'pods' in ACTIVE_DEPLOYMENTS:
     k8s_yaml('samples/pods/pod.yaml')
     k8s_resource('test-pod', labels=['Cortex-Pods'])
 
+if 'placement' in ACTIVE_DEPLOYMENTS:
+    print("Activating Cortex Placement Shim bundle")
+    k8s_yaml(helm('./helm/bundles/cortex-placement-shim', name='cortex-placement-shim', values=tilt_values, set=env_set_overrides))
+
 ########### Dev Dependencies
 local('sh helm/sync.sh helm/dev/cortex-prometheus-operator')
 k8s_yaml(helm('./helm/dev/cortex-prometheus-operator', name='cortex-prometheus-operator')) # Operator
@@ -282,3 +307,20 @@ k8s_resource('cortex-plutono', port_forwards=[
 ], links=[
     link('http://localhost:5000/d/cortex/cortex?orgId=1', 'cortex dashboard'),
 ], labels=['Monitoring'])
+
+helm_resource(
+    'cortex-perses',
+    'perses/perses',
+    flags=['--values=./tools/perses/values.yaml'],
+    port_forwards=[port_forward(5080, 8080, name='perses')],
+    links=[link('http://localhost:5080', 'perses dashboard')],
+    labels=['Monitoring'],
+    resource_deps=['perses'],
+)
+watch_file('./tools/perses/dashboards')
+k8s_yaml(local(' '.join([
+    'kubectl create configmap cortex-perses-dashboards',
+    '--from-file=./tools/perses/dashboards/',
+    '--dry-run=client -o yaml |',
+    'kubectl label --local -f - perses.dev/resource=true --dry-run=client -o yaml',
+])))