|
| 1 | +package builder |
| 2 | + |
| 3 | +const ( |
| 4 | + // Config system constants |
| 5 | + AkashConfigVolume = "akash-cfg" |
| 6 | + AkashConfigMount = "/akash-cfg" |
| 7 | + AkashConfigInitName = "akash-init" |
| 8 | + AkashConfigEnvFile = "config.env" |
| 9 | + |
| 10 | + // RBAC constants |
| 11 | + AkashRoleName = "akash-role" |
| 12 | + AkashRoleBinding = "akash-binding" |
| 13 | + |
| 14 | + // Init container script |
| 15 | + akashInitScript = ` |
| 16 | + # Install jq |
| 17 | + apk add --no-cache jq curl &>/dev/null |
| 18 | +
|
| 19 | + # Define default paths if not set |
| 20 | + AKASH_CONFIG_PATH="${AKASH_CONFIG_PATH:-/akash/config}" |
| 21 | + AKASH_CONFIG_FILE="${AKASH_CONFIG_FILE:-env.sh}" |
| 22 | + |
| 23 | + # Validate paths |
| 24 | + [ "$AKASH_CONFIG_PATH" = "/" ] && AKASH_CONFIG_PATH="/tmp/akash" |
| 25 | + AKASH_CONFIG_PATH="${AKASH_CONFIG_PATH%/}" |
| 26 | +
|
| 27 | + # Create config directory if it doesn't exist |
| 28 | + mkdir -p "${AKASH_CONFIG_PATH}" |
| 29 | +
|
| 30 | + if [ "$AKASH_REQUIRES_NODEPORT" != "true" ]; then |
| 31 | + touch "${AKASH_CONFIG_PATH}/${AKASH_CONFIG_FILE}" |
| 32 | + echo "# No NodePorts required" >> "${AKASH_CONFIG_PATH}/${AKASH_CONFIG_FILE}" |
| 33 | + exit 0 |
| 34 | + fi |
| 35 | +
|
| 36 | + # Get service information using the Kubernetes API |
| 37 | + NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) |
| 38 | + TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) |
| 39 | + CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
| 40 | + API_SERVER="https://kubernetes.default.svc:443" |
| 41 | + BASE_API_URL="${API_SERVER}/api/v1/namespaces/${NAMESPACE}" |
| 42 | + |
| 43 | + # Function to get first valid service using jq |
| 44 | + get_valid_service() { |
| 45 | + local service_name="$1" |
| 46 | + local services_json |
| 47 | + |
| 48 | + services_json=$(curl -s --cacert "${CACERT}" -H "Authorization: Bearer ${TOKEN}" "${BASE_API_URL}/services/") |
| 49 | + |
| 50 | + echo "$services_json" | jq -r " |
| 51 | + (.items[] | select(.metadata.name == \"${service_name}\") | .metadata.name) // |
| 52 | + (.items[] | select(.metadata.name == \"${service_name}-np\") | .metadata.name) // |
| 53 | + (.items[] | select(.metadata.name | contains(\"${service_name}\")) | .metadata.name) // |
| 54 | + empty |
| 55 | + " | head -n 1 |
| 56 | + } |
| 57 | + |
| 58 | + # Get the valid service name |
| 59 | + ACTUAL_SERVICE_NAME=$(get_valid_service "${SERVICE_NAME}") |
| 60 | + |
| 61 | + [ -z "$ACTUAL_SERVICE_NAME" ] && ACTUAL_SERVICE_NAME="${SERVICE_NAME}" |
| 62 | + |
| 63 | + API_URL="${BASE_API_URL}/services/${ACTUAL_SERVICE_NAME}" |
| 64 | + TEMP_FILE="${AKASH_CONFIG_PATH}/.tmp.${AKASH_CONFIG_FILE}" |
| 65 | + CONFIG_FILE="${AKASH_CONFIG_PATH}/${AKASH_CONFIG_FILE}" |
| 66 | + |
| 67 | + # Create initial config file header |
| 68 | + echo "# Akash config generated on $(date)" > "$TEMP_FILE" |
| 69 | + echo "# Service: ${ACTUAL_SERVICE_NAME}" >> "$TEMP_FILE" |
| 70 | + |
| 71 | + # Add retries with exponential backoff |
| 72 | + MAX_ATTEMPTS=30 |
| 73 | + for i in $(seq 1 $MAX_ATTEMPTS); do |
| 74 | + # Query the service to get NodePort mappings |
| 75 | + RESPONSE=$(curl -s --max-time 5 --retry 3 --retry-delay 1 --cacert "${CACERT}" \ |
| 76 | + -H "Authorization: Bearer ${TOKEN}" \ |
| 77 | + "${API_URL}") |
| 78 | + |
| 79 | + # Check service type first |
| 80 | + SERVICE_TYPE=$(echo "$RESPONSE" | jq -r '.spec.type // "unknown"') |
| 81 | + |
| 82 | + if [ "$SERVICE_TYPE" = "NodePort" ]; then |
| 83 | + # Service is NodePort, extract nodePort values |
| 84 | + NODE_PORTS=$(echo "$RESPONSE" | jq -r '.spec.ports[] | select(.nodePort != null) | "export AKASH_EXTERNAL_PORT_\(.targetPort)+=\(.nodePort)"' 2>/dev/null || echo "") |
| 85 | + |
| 86 | + if [ -n "$NODE_PORTS" ]; then |
| 87 | + echo "$NODE_PORTS" >> "$TEMP_FILE" |
| 88 | + mv "$TEMP_FILE" "$CONFIG_FILE" |
| 89 | + exit 0 |
| 90 | + fi |
| 91 | + elif [ "$SERVICE_TYPE" = "LoadBalancer" ]; then |
| 92 | + # Service is LoadBalancer, check for external IPs |
| 93 | + EXTERNAL_IPS=$(echo "$RESPONSE" | jq -r '.status.loadBalancer.ingress[]?.ip // empty' 2>/dev/null || echo "") |
| 94 | + if [ -n "$EXTERNAL_IPS" ]; then |
| 95 | + echo "export AKASH_EXTERNAL_IP+=${EXTERNAL_IPS}" >> "$TEMP_FILE" |
| 96 | + mv "$TEMP_FILE" "$CONFIG_FILE" |
| 97 | + exit 0 |
| 98 | + fi |
| 99 | + elif [ "$SERVICE_TYPE" = "ClusterIP" ]; then |
| 100 | + # Service is ClusterIP with dedicated IP |
| 101 | + echo "# Service type is ClusterIP with dedicated IP" >> "$TEMP_FILE" |
| 102 | + |
| 103 | + # Get service ports for reference |
| 104 | + PORTS=$(echo "$RESPONSE" | jq -r '.spec.ports[] | "# Port \(.port) -> \(.targetPort)"' 2>/dev/null || echo "# No port mappings found") |
| 105 | + echo "$PORTS" >> "$TEMP_FILE" |
| 106 | + |
| 107 | + # Move to final file after waiting for some time, in case it's still being configured |
| 108 | + if [ $i -gt 5 ]; then |
| 109 | + mv "$TEMP_FILE" "$CONFIG_FILE" |
| 110 | + exit 0 |
| 111 | + fi |
| 112 | + fi |
| 113 | + |
| 114 | + # Exponential backoff with max of 10 seconds |
| 115 | + SLEEP_TIME=$((2 ** ((i-1) > 3 ? 3 : (i-1)))) |
| 116 | + sleep $SLEEP_TIME |
| 117 | + done |
| 118 | +
|
| 119 | + # Create empty config file to prevent container from failing |
| 120 | + echo "# Warning: Service configuration timeout after $MAX_ATTEMPTS attempts" >> "$TEMP_FILE" |
| 121 | + echo "# Service type: ${SERVICE_TYPE}" >> "$TEMP_FILE" |
| 122 | + mv "$TEMP_FILE" "$CONFIG_FILE" |
| 123 | + exit 0 |
| 124 | +` |
| 125 | +) |
0 commit comments