feat: gcp resources, with name prefix

Author: nxtcoder17

.dockerignore

@@ -11,3 +11,4 @@
 !infrastructure-templates
 infrastructure-templates/**/.terraform.d
 !context.tar
+!flake.*

Dockerfile

@@ -5,7 +5,7 @@ RUN curl -L0 https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linu
 WORKDIR /app
 COPY --chown=nonroot ./terraform ./terraform
 RUN mkdir -p infrastructure-templates
-# COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
+COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
 ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache"
 # COPY .terraform.d.zip /app/terraform.zip
 RUN mkdir -p $TF_PLUGIN_CACHE_DIR
@@ -20,39 +20,39 @@ RUN <<'EOF'
   wait
 
   tdir=$(basename $(dirname $TF_PLUGIN_CACHE_DIR))
-  # tar cf - $tdir | lz4 -v -5 > tf.lz4 && rm -rf $tdir
   tar cf - $tdir | zstd --compress > tf.zst && rm -rf $tdir
 EOF
 
 # ENV DECOMPRESS_CMD="lz4 -d tf.lz4 | tar xf -"
 ENV DECOMPRESS_CMD="zstd --decompress tf.zst --stdout | tar xf -"
 ENV TEMPLATES_DIR="/app/infrastructure-templates"
-
-# WORKDIR /app
-# ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache"
-# RUN mkdir -p $TF_PLUGIN_CACHE_DIR
-# RUN cat > script.sh <<EOF
-#   #!/usr/bin/env bash
-#   echo "hi" >> log.file
-#   ls -d ./infrastructure-templates/{gcp,aws}/* | tee log.file | xargs -I{} bash -c "echo name is {}; $(terraform init chdir={} -backend=false &)"
-#   # for dir in $(ls -d ./infrastructure-templates/{gcp,aws}/*); do
-#   #   echo $dir >> log.file
-#   #   pushd $dir
-#   #   terraform init -backend=false &
-#   #   popd
-#   # done
-#
-#   wait
 #
-#   tdir=$(basename $(dirname $TF_PLUGIN_CACHE_DIR))
-#   tar cf - $tdir | lz4 -v -5 > tf.lz4 && rm -rf $tdir
-# EOF
-#
-# COPY --chown=nonroot ./terraform ./terraform
-# COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
-# RUN --mount=type=cache,id=sample,target=/app/.terraform.d/plugin-cache \
-#   chmod +x /app/script.sh && bash /app/script.sh
-# RUN adduser --disabled-password --home="/app" --uid 1717 nonroot
-# USER nonroot
+WORKDIR /app
+ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache"
+RUN mkdir -p $TF_PLUGIN_CACHE_DIR
+RUN cat > script.sh <<EOF
+COPY --chown=nonroot ./terraform ./terraform
+COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
+RUN --mount=type=cache,id=sample,target=$TF_PLUGIN_CACHE_DIR <<EOF
+  #!/usr/bin/env bash
+  echo "hi" >> log.file
+  # ls -d ./infrastructure-templates/{gcp,aws}/* | tee log.file | xargs -I{} bash -c "echo name is {}; $(terraform init chdir={} -backend=false &)"
+  for dir in $(ls -d ./infrastructure-templates/{gcp,aws}/*); do
+    echo $dir >> log.file
+    pushd $dir
+    terraform init -backend=false &
+    popd
+  done
+
+  wait
+
+  tdir=$(basename $(dirname $TF_PLUGIN_CACHE_DIR))
+  echo "hello" >> log.file
+  # tar cf - $tdir | lz4 -v -5 > tf.lz4 && rm -rf $tdir
+  tar cf - $tdir | zstd --compress > tf.zst && rm -rf $tdir
+EOF
+RUN adduser --disabled-password --home="/app" --uid 1717 nonroot
+USER nonroot
 # ENV DECOMPRESS_CMD="lz4 -d tf.lz4 | tar xf -"
-# ENV TEMPLATES_DIR="/app/infrastructure-templates"
+ENV DECOMPRESS_CMD="zstd --decompress tf.zst --stdout | tar xf -"
+ENV TEMPLATES_DIR="/app/infrastructure-templates"

DockerfileNIX

@@ -1,18 +1,34 @@
+# FROM alpine:latest AS base
+
 # vim: set ft=dockerfile:
 FROM nixos/nix:latest AS builder
-
+# FROM ghcr.io/nxtcoder17/nix:latest AS builder
 WORKDIR /app
 
 # COPY flake.nix flake.lock ./
-ENV NIX_STORE_DIR=/nix/store2
+# RUN mkdir x && \
+#   cp -rL $(which bash) ./x/bash && \
+#   cp -rL $(which sh) ./x/sh && \
+#   cp -rL $(which ln) ./x/ln
+
+# COPY --from=base /bin/sh /bin/sh
+# COPY --from=base /bin/ln /bin/ln
+
+# RUN ls -al ./x && exit 1
+
+# SHELL ["/app/bash", "-c"]
+# RUN nix-env -iv util-linux
+RUN cat > /etc/nix/nix.conf <<EOF
+build-users-group = nixbld
+sandbox = false
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= local:2V5FDaWeruKxCtCBMS9FsCSueXMQwdz+cVLNlG3GWiY= 
+EOF
 
 RUN --mount=type=bind,source=flake.nix,target=flake.nix \
   --mount=type=bind,source=flake.lock,target=flake.lock \
-  --mount=type=cache,target=/nix/store2 \
-  cp -R /nix/store /nix/store2 && nix \
-  --extra-experimental-features "nix-command flakes" \
+  nix --extra-experimental-features "nix-command flakes" \
   --option filter-syscalls false \
-  build .#container
+  build .#container --substituters http://192.168.0.113:5000/
 
 # Copy the Nix store closure into a directory. The Nix store closure is the
 # entire set of Nix store values that we need for our build.
@@ -45,9 +61,8 @@ ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache"
 # COPY .terraform.d.zip /app/terraform.zip
 RUN mkdir -p $TF_PLUGIN_CACHE_DIR
 SHELL ["bash", "-c"]
-RUN <<'EOF'
-  # for dir in $(ls -d ./infrastructure-templates/{gcp,aws}/*); do
-  for dir in $(ls -d ./infrastructure-templates/${CLOUD_PROVIDER}/*); do
+RUN --mount=type=cache,id=sample,target=$TF_PLUGIN_CACHE_DIR <<EOF
+  for dir in $(ls -d ./infrastructure-templates/{aws,gcp}/*); do
     pushd $dir
     terraform init -backend=false &
     popd
@@ -56,8 +71,7 @@ RUN <<'EOF'
   wait
 
   tdir=$(basename $(dirname $TF_PLUGIN_CACHE_DIR))
-  # tar cf - $tdir | lz4 -v -5 > tf.lz4 && rm -rf $tdir
-  tar cf - $tdir | zstd -12 --compress > tf.zst && rm -rf $tdir
+  tar cf - $tdir | zstd --compress > tf.zst && rm -rf $tdir
 EOF
 # ENV DECOMPRESS_CMD="lz4 -d tf.lz4 | tar xf -"
 ENV DECOMPRESS_CMD="zstd --decompress tf.zst --stdout | tar xf -"

DockerfileNIX2

@@ -9,12 +9,18 @@ COPY --from=nix /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /etc/s
 WORKDIR /app
 RUN --mount=type=bind,source=context.tar,target=context.tar \
   tar xf context.tar && \
-  mkdir /nix && mv nixstore /nix/store && \
+  mkdir -p /nix && mv nixstore /nix/store && \
   mkdir -p /usr/local/bin && mv result/bin/* /usr/local/bin/ && rm -rf result && \
   mv tf.zst /app/tf.zst
 
 RUN adduser --disabled-password --home="/app" --uid 1717 nonroot
-USER nonroot
+# RUN chown -R nonroot:nonroot output
+
+# FROM scratch
+# COPY --from=base /app/output/ /
+# RUN mkdir -p /etc
+# WORKDIR /app
+# COPY --from=base /etc/passwd /etc/passwd
 COPY --chown=nonroot ./terraform ./terraform
 COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
 # COPY --from=nixstore ./ /nix/store
@@ -26,6 +32,7 @@ COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates
 # COPY ./terraform ./terraform
 # ARG CLOUD_PROVIDER
 # COPY ./infrastructure-templates/${CLOUD_PROVIDER} ./infrastructure-templates/${CLOUD_PROVIDER}
+# USER nonroot
 ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache"
 # # COPY ./tf.zst ./tf.zst
 ENV DECOMPRESS_CMD="zstd --decompress tf.zst --stdout | tar xf -"

Taskfile.yml

@@ -24,17 +24,18 @@ tasks:
         fi
 
   local:build:iac-job:
-    preconditions:
-      - sh: '[[ -n "{{.cloudprovider}}" ]]'
-        msg: 'var cloudprovider must have a value'
     vars:
+      # output_dir: 
+      #   sh: mktemp -d --suffix '.nix'
+      output_dir: ./result
       nix_store_closure: /tmp/nix-store-closure
     cmds:
-      - sudo rm -rf result
-      - nix build .#container
+      - echo OUTPUT DIR is "{{.output_dir}}"
+      - sudo rm -rf {{.output_dir}}
+      - nix build .#container -o {{.output_dir}}
       - sudo rm -rf {{.nix_store_closure}}
       - mkdir {{.nix_store_closure}}
-      - cp -R $(nix-store -qR result/) {{.nix_store_closure}}
+      - cp -R $(nix-store -qR {{.output_dir}}/) {{.nix_store_closure}}
       - |+
         export TF_PLUGIN_CACHE_DIR="$PWD/.terraform.d/plugin-cache"
         # for dir in $(ls -d ./infrastructure-templates/{{.cloudprovider}}/*); do
@@ -53,25 +54,27 @@ tasks:
       - |+
         dir=$(mktemp -d)
         rm -rf context.tar
-        mv tf.zst result $dir
-        mv /tmp/nix-store-closure $dir/nixstore
+        mv tf.zst  $dir
+        mv {{.nix_store_closure}} $dir/nixstore
+        mv {{.output_dir}} $dir/result
         pushd $dir
         tar cf context.tar .
         popd
         mv $dir/context.tar .
-      - nerdctl build -f DockerfileNIX2 --build-arg CLOUD_PROVIDER={{.cloudprovider}} -t {{.Image}} . --no-cache
-      # - rm ./context.tar
+      # - docker buildx build -f DockerfileNIX2 --build-arg CLOUD_PROVIDER={{.cloudprovider}} --output=type=image,compression=zstd,force-compression=true,compression-level=22,push=true,oci-mediatypes=true -t {{.Image}} .
+      - nerdctl build -f DockerfileNIX2 -o type=oci,push=true,name={{.Image}},compression=zstd,compression-level=22,force-compression=true,oci-mediatype=true -t {{.Image}} .
+      - rm ./context.tar
 
   container:build-and-push:
     preconditions:
       - sh: '[[ -n "{{.Image}}" ]]'
         msg: 'var Image must have a value'
     vars:
       push: true
-      dockerArgs: "{{.DockerArgs | default ''}}"
     cmds:
-      - docker build -t {{.Image}} . {{.dockerArgs}}
-      - |+
-        if [ "{{.push}}" == "true" ]; then
-          docker push {{.Image}}
-        fi
+      - docker buildx build -f DockerfileNIX --output=type=image,compression=zstd,force-compression=true,compression-level=22,push=true,oci-mediatypes=true -t {{.Image}} .
+      # - docker build -f ./DockerfileNIX -t {{.Image}} . {{.dockerArgs}}
+      # - |+
+      #   if [ "{{.push}}" == "true" ]; then
+      #     docker push {{.Image}}
+      #   fi

cmd/gcp-spot-node-terminator/script.mjs

@@ -99,7 +99,7 @@ while (true) {
   }
 
   // checking preempted url
-  const {stdout: preemptedStatus} = await $`curl "http://169.254.169.254/computeMetadata/v1/instance/preempted" -H "Metadata-Flavor: Google"`
+  const {stdout: preemptedStatus} = await $`curl -s "http://169.254.169.254/computeMetadata/v1/instance/preempted" -H "Metadata-Flavor: Google"`
   if (preemptedStatus.trim().toLowerCase() == "true") {
     info("node is preempted, exiting")
     if (webhookURL){

flake.nix

@@ -14,6 +14,7 @@
             allowUnfree = true;
           };
         };
+
         binaries = with pkgs; [
           bash
           # coreutils
@@ -28,7 +29,7 @@
         ];
 
         container = pkgs.buildEnv {
-          name = "container";
+          name = "container2";
           paths = with pkgs; [
             bash
             envsubst
@@ -38,6 +39,16 @@
             terraform
           ];
         };
+
+        gcp-spot-node-terminator = pkgs.buildEnv {
+          name = "gcp-spot-node-terminator";
+          paths = with pkgs; [
+            bash
+            curl
+            zx
+            kubectl
+          ];
+        };
       in
       {
         devShells.default = pkgs.mkShell {
@@ -59,7 +70,7 @@
             # programming tools
 
             # build tools
-            podman
+            # podman
             upx
 
             nmap
@@ -97,7 +108,7 @@
         packages.container = pkgs.stdenv.mkDerivation {
           name = "container";
           src = container;
-          installPhase = "cp -rL $src $out/";
+          installPhase = "cp -r $src $out/";
           # buildInputs = binaries;
           # buildCommand = let
           #   copyBinaries = builtins.concatStringsSep "\n" (builtins.map(input: 

infrastructure-templates/gcp/master-nodes/main.tf

@@ -1,15 +1,25 @@
+resource "random_id" "name_suffix" {
+  keepers = {
+    # Generate a new id each time we switch to a new AMI name prefix
+    name_prefix = var.name_prefix
+  }
+
+  byte_length = 4
+}
+
 module "master-nodes-on-gcp" {
+  # source                     = "../../../terraform/bundles/gcp/master-nodes"
   source                     = "../../../terraform/bundles/gcp/master-nodes"
   machine_type               = var.machine_type
-  name_prefix                = var.name_prefix
+  name_prefix                = "${var.name_prefix}-${random_id.name_suffix.hex}"
   nodes                      = var.nodes
   provision_mode             = var.provision_mode
   kloudlite_params           = var.kloudlite_params
   save_ssh_key_to_path       = var.save_ssh_key_to_path
   cloudflare                 = var.cloudflare
   public_dns_host            = var.public_dns_host
   save_kubeconfig_to_path    = var.save_kubeconfig_to_path
-  tags                       = var.tags
+  labels                     = var.labels
   label_cloudprovider_region = var.gcp_region
   network                    = var.network
   service_account            = var.service_account

infrastructure-templates/gcp/master-nodes/variables-master-nodes.tf

@@ -52,7 +52,7 @@ variable "public_dns_host" {
 
 variable "cloudflare" {
   description = "cloudflare related parameters"
-  type        = object({
+  type = object({
     enabled   = bool
     api_token = optional(string)
     zone_id   = optional(string)
@@ -61,7 +61,7 @@ variable "cloudflare" {
 
   validation {
     error_message = "if enabled, all mandatory Cloudflare bucket details are specified"
-    condition     = var.cloudflare == null || (var.cloudflare.enabled == true && alltrue([
+    condition = var.cloudflare == null || (var.cloudflare.enabled == true && alltrue([
       var.cloudflare.api_token != "",
       var.cloudflare.zone_id != "",
       var.cloudflare.domain != "",
@@ -71,15 +71,15 @@ variable "cloudflare" {
 
 variable "kloudlite_params" {
   description = "kloudlite related parameters"
-  type        = object({
+  type = object({
     release            = string
     install_crds       = optional(bool, true)
     install_csi_driver = optional(bool, false)
     install_operators  = optional(bool, false)
 
     install_agent       = optional(bool, false)
     install_autoscalers = optional(bool, true)
-    agent_vars          = optional(object({
+    agent_vars = optional(object({
       account_name             = string
       cluster_name             = string
       cluster_token            = string
@@ -111,7 +111,7 @@ variable "label_cloudprovider_region" {
   default     = ""
 }
 
-variable "tags" {
+variable "labels" {
   type        = map(string)
   description = "map of Key => Value to be tagged along created resources"
   default     = {}