A CLI for Harvester by mohamed.belgaied

[comment]: # Harvester does not officially come with a CLI tool, the user is supposed to interact with Harvester mostly through the UI [comment]: # Though it is theoretically possible to use kubectl to interact with Harvester, the manipulation of Kubevirt YAML objects is absolutely not user friendly. [comment]: # Inspired by tools like multipass from Canonical to easily and rapidly create one of multiple VMs, I began the development of Harvester CLI. Currently, it works but Harvester CLI needs some love to be up-to-date with Harvester v1.0.2 and needs some bug fixes and improvements as well.

Project Description

Harvester CLI is a command line interface tool written in Go, designed to simplify interfacing with a Harvester cluster as a user. It is especially useful for testing purposes as you can easily and rapidly create VMs in Harvester by providing a simple command such as: harvester vm create my-vm --count 5 to create 5 VMs named my-vm-01 to my-vm-05.

Harvester CLI is functional but needs a number of improvements: up-to-date functionality with Harvester v1.0.2 (some minor issues right now), modifying the default behaviour to create an opensuse VM instead of an ubuntu VM, solve some bugs, etc.

Github Repo for Harvester CLI: https://github.com/belgaied2/harvester-cli

Done in previous Hackweeks

• Create a Github actions pipeline to automatically integrate Harvester CLI to Homebrew repositories: DONE
• Automatically package Harvester CLI for OpenSUSE / Redhat RPMs or DEBs: DONE

Goal for this Hackweek

The goal for this Hackweek is to bring Harvester CLI up-to-speed with latest Harvester versions (v1.3.X and v1.4.X), and improve the code quality as well as implement some simple features and bug fixes.

Some nice additions might be: * Improve handling of namespaced objects * Add features, such as network management or Load Balancer creation ? * Add more unit tests and, why not, e2e tests * Improve CI * Improve the overall code quality * Test the program and create issues for it

Issue list is here: https://github.com/belgaied2/harvester-cli/issues

Resources

The project is written in Go, and using client-go the Kubernetes Go Client libraries to communicate with the Harvester API (which is Kubernetes in fact). Welcome contributions are:

• Testing it and creating issues
• Documentation
• Go code improvement

What you might learn

Harvester CLI might be interesting to you if you want to learn more about:

• GitHub Actions
• Harvester as a SUSE Product
• Go programming language
• Kubernetes API

---

Mammuthus - The NFS-Ganesha inside Kubernetes controller by vcheng

Description

As the user-space NFS provider, the NFS-Ganesha is wieldy use with serval projects. e.g. Longhorn/Rook. We want to create the Kubernetes Controller to make configuring NFS-Ganesha easy. This controller will let users configure NFS-Ganesha through different backends like VFS/CephFS.

Goals

1. Create NFS-Ganesha Package on OBS: nfs-ganesha5, nfs-ganesha6
2. Create NFS-Ganesha Container Image on OBS: Image
3. Create a Kubernetes controller for NFS-Ganesha and support the VFS configuration on demand. Mammuthus

Resources

NFS-Ganesha

---

kubectl clone: Seamlessly Clone Kubernetes Resources Across Multiple Rancher Clusters and Projects by dpunia

Description

kubectl clone is a kubectl plugin that empowers users to clone Kubernetes resources across multiple clusters and projects managed by Rancher. It simplifies the process of duplicating resources from one cluster to another or within different namespaces and projects, with optional on-the-fly modifications. This tool enhances multi-cluster resource management, making it invaluable for environments where Rancher orchestrates numerous Kubernetes clusters.

Goals

1. Seamless Multi-Cluster Cloning
   • Clone Kubernetes resources across clusters/projects with one command.
   • Simplifies management, reduces operational effort.

Resources

1. Rancher & Kubernetes Docs

   • Rancher API, Cluster Management, Kubernetes client libraries.

2. Development Tools

   • Kubectl plugin docs, Go programming resources.

Building and Installing the Plugin

1. Set Environment Variables: Export the Rancher URL and API token:

• export RANCHER_URL="https://rancher.example.com"
• export RANCHER_TOKEN="token-xxxxx:xxxxxxxxxxxxxxxxxxxx"

1. Build the Plugin: Compile the Go program:

• go build -o kubectl-clone ./pkg/

1. Install the Plugin: Move the executable to a directory in your PATH:

• mv kubectl-clone /usr/local/bin/

Ensure the file is executable:

• chmod +x /usr/local/bin/kubectl-clone

1. Verify the Plugin Installation: Test the plugin by running:

• kubectl clone --help

You should see the usage information for the kubectl-clone plugin.

Usage Examples

1. Clone a Deployment from One Cluster to Another:

• kubectl clone --source-cluster c-abc123 --type deployment --name nginx-deployment --target-cluster c-def456 --new-name nginx-deployment-clone

1. Clone a Service into Another Namespace and Modify Labels:

---

Rancher/k8s Trouble-Maker by tonyhansen

Project Description

When studying for my RHCSA, I found trouble-maker, which is a program that breaks a Linux OS and requires you to fix it. I want to create something similar for Rancher/k8s that can allow for troubleshooting an unknown environment.

Goal for this Hackweek

Create a basic framework for creating Rancher/k8s cluster lab environments as needed for the Break/Fix Create at least 5 modules that can be applied to the cluster and require troubleshooting

Resources

https://github.com/rancher/terraform-provider-rancher2 https://github.com/rancher/tf-rancher-up

---

Integrate Backstage with Rancher Manager by nwmacd

Description

Backstage (backstage.io) is an open-source, CNCF project that allows you to create your own developer portal. There are many plugins for Backstage.

This could be a great compliment to Rancher Manager.

Goals

Learn and experiment with Backstage and look at how this could be integrated with Rancher Manager. Goal is to have some kind of integration completed in this Hack week.

Progress

Screen shot of home page at the end of Hackweek:

Day One

• Got Backstage running locally, understanding configuration with HTTPs.
• Got Backstage embedded in an IFRAME inside of Rancher
• Added content into the software catalog (see: https://backstage.io/docs/features/techdocs/getting-started/)
• Understood more about the entity model

Day Two

• Connected Backstage to the Rancher local cluster and configured the Kubernetes plugin.
• Created Rancher theme to make the light theme more consistent with Rancher

Days Three and Day Four

• Created two backend plugins for Backstage:

  1. Catalog Entity Provider - this imports users from Rancher into Backstage
  2. Auth Provider - uses the proxied sign-in pattern to check the Rancher session cookie, to user that to authenticate the user with Rancher and then log them into Backstage by connecting this to the imported User entity from the catalog entity provider plugin.

• With this in place, you can single-sign-on between Rancher and Backstage when it is deployed within Rancher. Note this is only when running locally for development at present

Day Five

• Start to build out a production deployment for all of the above
• Made some progress, but hit issues with the authentication and proxying when running proxied within Rancher, which needs further investigation

---

OIDC Loginproxy by toe

Description

Reverse proxies can be a useful option to separate authentication logic from application logic. SUSE and openSUSE use "loginproxies" as an authentication layer in front of several services.

Currently, loginproxies exist which support LDAP authentication or SAML authentication.

Goals

The goal of this Hack Week project is, to create another loginproxy which supports OpenID Connect authentication which can then act as a drop-in replacement for the existing LDAP or SAML loginproxies.

Testing is intended to focus on the integration with OIDC IDPs from Okta, KanIDM and Authentik.

Resources

• #122254: Migrate away from login proxies to SSO

---

OIDC Loginproxy by toe

Description

Reverse proxies can be a useful option to separate authentication logic from application logic. SUSE and openSUSE use "loginproxies" as an authentication layer in front of several services.

Currently, loginproxies exist which support LDAP authentication or SAML authentication.

Goals

The goal of this Hack Week project is, to create another loginproxy which supports OpenID Connect authentication which can then act as a drop-in replacement for the existing LDAP or SAML loginproxies.

Testing is intended to focus on the integration with OIDC IDPs from Okta, KanIDM and Authentik.

Resources

• #122254: Migrate away from login proxies to SSO

---

Kanidm: A safe and modern IDM system by firstyear

Kanidm is an IDM system written in Rust for modern systems authentication. The github repo has a detailed "getting started" on the readme.

Kanidm Github

In addition Kanidm has spawn a number of adjacent projects in the Rust ecosystem such as LDAP, Kerberos, Webauthn, and cryptography libraries.

In this hack week, we'll be working on Quokca, a certificate authority that supports PKCS11/TPM storage of keys, issuance of PIV certificates, and ACME without the feature gatekeeping implemented by other CA's like smallstep.

For anyone who wants to participate in Kanidm, we have documentation and developer guides which can help.

I'm happy to help and share more, so please get in touch!

---