add aliyun registry

.github/workflows/convert-images.yaml

@@ -0,0 +1,44 @@
+name: 'Convert images to lunettes'
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - 'hack/convert-image/**'
+  workflow_dispatch:
+
+env:
+  ACR_REGISTRY: registry.cn-hangzhou.aliyuncs.com
+  DOCKERHUB_REGISTRY: docker.io
+  TARGET_NAMESPACE: lunettes
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+
+      # git checkout code
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      # 登录 acr https://cr.console.aliyun.com/cn-hangzhou/instance/repositories
+      - name: Login to ACR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.ACR_REGISTRY }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_TOKEN }}
+
+      # 登录 dockerhub
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        working-directory: ./hack/convert-image
+        run: |
+          chmod +x convert_images.sh
+          ./convert_images.sh ${{ env.ACR_REGISTRY }}/${{ env.TARGET_NAMESPACE }}
+          ./convert_images.sh ${{ env.DOCKERHUB_REGISTRY }}/${{ env.TARGET_NAMESPACE }}

.github/workflows/docker-helm.yml

@@ -7,12 +7,12 @@ on:
 
 env:
   DOCKERHUB_REGISTRY: registry-1.docker.io
-  DOCKERHUB_REGISTRY_NAMESPACE: lunettes
-  DOCKERHUB_LUNETTES_REPO: lunettes/lunettes
-  DOCKERHUB_GRAFANA_REPO: lunettes/grafana
+  ACR_REGISTRY: registry.cn-hangzhou.aliyuncs.com
+  REGISTRY_NAMESPACE: lunettes
+  LUNETTES_IMAGE_NAME: lunettes
+  GRAFANA_IMAGE_NAME: grafana
   # Plugins to be installed.
-  GRAFANA_PLUGINS: yesoreyeram-infinity-datasource,marcusolsson-json-datasource,marcusolsson-dynamictext-panel,volkovlabs-form-panel 3.1.0
-
+  GRAFANA_PLUGINS: "yesoreyeram-infinity-datasource,marcusolsson-json-datasource,marcusolsson-dynamictext-panel,volkovlabs-form-panel:3.1.0"
 
 jobs:
   main:
@@ -28,6 +28,13 @@ jobs:
       # Set up Docker buildx to facilitate the building of multi-platform images.
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
+      # 登录 acr https://cr.console.aliyun.com/cn-hangzhou/instance/repositories
+      - name: Login to ACR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.ACR_REGISTRY }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_TOKEN }}
       # 登录 docker hub
       - name: Login to DockerHub
         uses: docker/login-action@v1
@@ -55,8 +62,10 @@ jobs:
             GOARCH=$(go env GOARCH)
           # Generate two Docker tags: ${APP_VERSION} 和 latest
           tags: |
-            ${{ env.DOCKERHUB_LUNETTES_REPO }}:latest
-            ${{ env.DOCKERHUB_LUNETTES_REPO }}:${{ env.APP_VERSION }}
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.LUNETTES_IMAGE_NAME }}:latest
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.LUNETTES_IMAGE_NAME }}:${{ env.APP_VERSION }}
+            ${{ env.ACR_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.LUNETTES_IMAGE_NAME }}:latest
+            ${{ env.ACR_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.LUNETTES_IMAGE_NAME }}:${{ env.APP_VERSION }}
       - name: Build and push grafana
         id: docker_build_grafana
         uses: docker/build-push-action@v2
@@ -72,23 +81,21 @@ jobs:
             PLUGINS=${{ env.GRAFANA_PLUGINS }}
           # Generate two Docker tags: ${APP_VERSION} 和 latest
           tags: |
-            ${{ env.DOCKERHUB_GRAFANA_REPO }}:latest
-            ${{ env.DOCKERHUB_GRAFANA_REPO }}:${{ env.APP_VERSION }}
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.GRAFANA_IMAGE_NAME }}:latest
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.GRAFANA_IMAGE_NAME }}:${{ env.APP_VERSION }}
+            ${{ env.ACR_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.GRAFANA_IMAGE_NAME }}:latest
+            ${{ env.ACR_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.GRAFANA_IMAGE_NAME }}:${{ env.APP_VERSION }}
 
       - uses: azure/setup-helm@v3
         id: install
 
-      - name: get epository name
-        run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
-
       - name: helm package chart
         run: |
-          sed -i 's/grafanaImage: lunettes\/grafana:latest/grafanaImage: lunettes\/grafana:${{ env.APP_VERSION }}/g' deploy/helm/lunettes/values.yaml
-          sed -i 's/lunettesImage: lunettes\/lunettes:latest/lunettesImage: lunettes\/lunettes:${{ env.APP_VERSION }}/g' deploy/helm/lunettes/values.yaml
+          sed -i 's/    tag: version/    tag: ${{ env.APP_VERSION }}/g' deploy/helm/lunettes/values.yaml
           helm package deploy/helm/lunettes --app-version=${{ env.APP_VERSION }} --version=${{ env.APP_VERSION }} -d _out
 
       - name: helm push chart
         # OCI artifacts on Docker Hub 
         # see: https://docs.docker.com/docker-hub/oci-artifacts/
         run: |
-          helm push _out/lunettes-chart-${{ env.APP_VERSION }}.tgz oci://${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_REGISTRY_NAMESPACE }}
+          helm push _out/lunettes-chart-${{ env.APP_VERSION }}.tgz oci://${{ env.DOCKERHUB_REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}

.github/workflows/e2e-test.yml

@@ -5,18 +5,32 @@ on:
   pull_request:
 
 env:
-  LUNETTES_DOCKERHUB_REPO: local/lunettes
+  REGISTRY: local.io
+  REGISTRY_NAMESPACE: lunettes
 
 jobs:
   create-cluster:
     runs-on: ubuntu-latest
     steps:
+    # Free disk space
+    - name: Free disk space 🧹
+      uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
+      with:
+        android: true
+        dotnet: true
+        haskell: true
+        large-packages: false
+        docker-images: false
+        swap-storage: false
+
     # git checkout code
     - name: Checkout
       uses: actions/checkout@v2
+
     # Use the git command to retrieve the current tag information and store it in the environment variable APP_VERSION.
     - name: Generate App Version
       run: echo APP_VERSION=`git describe --tags --always` >> $GITHUB_ENV
+
     - name: Build lunettes
       id: docker_build_lunettes
       uses: docker/build-push-action@v2
@@ -26,31 +40,59 @@ jobs:
         # docker build arg
         build-args: |
           GOARCH=$(go env GOARCH)
-        # Generate two Docker tags: ${APP_VERSION}
         tags: |
-          ${{ env.LUNETTES_DOCKERHUB_REPO }}:${{ env.APP_VERSION }}
+          ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.REGISTRY_NAMESPACE }}:${{ env.APP_VERSION }}
+
+    - name: Build grafana
+      id: docker_build_grafana
+      uses: docker/build-push-action@v2
+      with:
+        push: false
+        file: build/docker/Dockerfile.grafana
+        # docker build arg
+        build-args: |
+            GRAFANA_PLUGINS="yesoreyeram-infinity-datasource,marcusolsson-json-datasource,marcusolsson-dynamictext-panel,volkovlabs-form-panel:3.1.0"
+        tags: |
+          ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/grafana:${{ env.APP_VERSION }}
+
+    - name: Pull dependcy
+      working-directory: ./hack/convert-image
+      run: |
+        chmod +x convert_images.sh
+        ./convert_images.sh ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }} local
+
+        # 将前面构建的 lunettes 和 grafana 镜像名追加到 /tmp/_out.txt 中，以便于后续统一 load 到 kind 中
+        echo ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ env.REGISTRY_NAMESPACE }}:${{ env.APP_VERSION }} >> /tmp/_out.txt
+        echo ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/grafana:${{ env.APP_VERSION }} >> /tmp/_out.txt
+        cat /tmp/_out.txt
+
     - name: Create k8s Kind Cluster
       uses: helm/[email protected]
       with:
         config: hack/kind.yaml
         cluster_name: k8s
+
     - name: Test kind
       run: |
         kubectl get ns
+
     - name: kind load image
       run: |
-        kind load docker-image --name k8s ${{ env.LUNETTES_DOCKERHUB_REPO }}:${{ env.APP_VERSION }}
+        # 从 /tmp/_out.txt 加载依赖镜像
+        while IFS= read -r image || [[ -n "$image" ]]; do
+          echo "load image $image"
+          kind load docker-image --name k8s $image
+          docker rmi $image
+        done < "/tmp/_out.txt"
+
     - uses: azure/setup-helm@v3
       id: install
     - name: Deploy lunettes
       run: |
-        helm upgrade --install lunettes deploy/helm/lunettes/ \
-          --set lunettesImage=${{ env.LUNETTES_DOCKERHUB_REPO }}:${{ env.APP_VERSION }} \
-          --set enableAuditApiserver=true \
-          --set lunettesType=NodePort \
-          --set grafanadiType=NodePort \
-          --set grafanaType=NodePort \
-          --set jaegerType=NodePort
+        sed -i 's/    tag: version/    tag: ${{ env.APP_VERSION }}/g' deploy/helm/lunettes/values.yaml
+        helm upgrade --install lunettes deploy/helm/lunettes \
+          --set global.registry=${{ env.REGISTRY }}
+
         # waiting for lunettes ready
         set +e
         all_pods=$(kubectl -n lunettes get pods -o jsonpath='{.items[*].metadata.name}')
@@ -60,6 +102,8 @@ jobs:
           all_pods_running=true
           for pod in ${all_pods}
           do
+            images=$(kubectl -n lunettes get pod ${pod} -o=jsonpath='{range .spec.containers[*]}{.image}{"\n"}{end}')
+            echo "podname ${pod}, image $images"
             status=$(kubectl -n lunettes get pod ${pod} --output=jsonpath="{.status.phase}" )
             if [ "${status}" != "Running" ]
             then
@@ -92,11 +136,15 @@ jobs:
         kubectl run nginx --image=nginx
         sleep 30
         kubectl get pods
-        sleep 5m
+        sleep 1m
         echo "waiting for lunettes process audit"
     - name: Test podinfo api with curl
       run: |
-        response=$(curl -X GET "http://localhost:9099/podinfotable?searchkey=name&searchvalue=nginx")
+        kubectl -n lunettes get svc
+        kubectl get no --show-labels
+        curl -X GET 'http://localhost:9094/_cat/indices?v'
+        response=$(curl -X GET --connect-timeout 3 --max-time 5 "http://localhost:9099/podinfotable?searchkey=name&searchvalue=nginx")
+        echo "response is $response"
         if echo "$response" | grep -q "nginx"; then
           echo "URL test passed"
         else

README-zh_CN.md

@@ -54,11 +54,28 @@ Lunettes 可以识别容器生命周期每个交付阶段的开始和结尾，
 
 ```bash
 # install lunettes
-# 该过程开启apiserver的审计功能，apiserver会发生重启
-helm upgrade --install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version [version] 
+export VERSION=$(curl -s https://api.github.com/repos/alipay/container-observability-service/releases/releases/latest | grep tag_name | cut -d'"' -f4)
+
+helm upgrade \
+  --cleanup-on-fail \
+  --install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version ${VERSION} \
+  --namespace lunettes \
+  --create-namespace
+```
+
+国内部署使用阿里云镜像加速
+```bash
+export VERSION=$(curl -s https://api.github.com/repos/alipay/container-observability-service/releases/releases/latest | grep tag_name | cut -d'"' -f4)
+
+helm upgrade \
+  --cleanup-on-fail \
+  --install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version ${VERSION} \
+  --namespace lunettes \
+  --create-namespace \
+  --set global.registry=registry.cn-hangzhou.aliyuncs.com
 ```
 
-查看可用的[版本号](https://hub.docker.com/r/lunettes/lunettes-chart/tags)
+查看历史的[版本号](https://hub.docker.com/r/lunettes/lunettes-chart/tags)
 
 第三步：获取 Lunettes 服务的接口
 ```bash

README.md

@@ -59,15 +59,28 @@ Step2: Install Lunettes with Helm
 Note: Beginning in Helm v3.8.0, OCI support is enabled by default, and it graduated from experimental to general availability. So you‘d better choose Helm v3.8.0 or above.
 
 ```bash
-# Use NodePort
-helm install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version [version] \
-  # Setting enableAuditApiserver to true will enable the auditing of the apiserver for you.
-  # Please note that this process will restart the apiserver.
-  --set enableAuditApiserver=true \
-  --set grafanaType=NodePort \
-  --set jaegerType=NodePort 
+export VERSION=$(curl -s https://api.github.com/repos/alipay/container-observability-service/releases/releases/latest | grep tag_name | cut -d'"' -f4)
+
+helm upgrade \
+  --cleanup-on-fail \
+  --install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version ${VERSION} \
+  --namespace lunettes \
+  --create-namespace
 ```
-see available [version](https://hub.docker.com/r/lunettes/lunettes-chart/tags)
+
+If you want to download quickly in China, the configuration can be like:
+```bash
+export VERSION=$(curl -s https://api.github.com/repos/alipay/container-observability-service/releases/releases/latest | grep tag_name | cut -d'"' -f4)
+
+helm upgrade \
+  --cleanup-on-fail \
+  --install lunettes oci://registry-1.docker.io/lunettes/lunettes-chart --version ${VERSION} \
+  --namespace lunettes \
+  --create-namespace \
+  --set global.registry=registry.cn-hangzhou.aliyuncs.com
+```
+
+You can also install previous [versions](https://hub.docker.com/r/lunettes/lunettes-chart/tags) of lunettes
 
 Step3: Find the endpoint of Lunettes dashboard service
 ```bash

build/docker/Dockerfile.grafana

@@ -8,16 +8,28 @@ WORKDIR /app/yaml_panel
 # 安装依赖并编译
 RUN npm install \
     && npm run build
+
 # Use the official Grafana image as the base image.
-FROM grafana/grafana:latest
+FROM grafana/grafana:10.4.2-ubuntu
 
 COPY --from=node /app/yaml_panel/dist /var/lib/grafana/plugins/antgroup-yaml-panel
 
 # Define the list of plugins to install, separated by spaces.
 ARG PLUGINS="" 
 
 # Install each plugin.
-ARG IFS=','
-RUN for plugin in $PLUGINS; do \
+RUN set -e; \
+    ORIG_IFS=${IFS}; \
+    IFS=','; \
+    for plugin in $PLUGINS; do \
+    if echo "$plugin" | grep -q ':'; then \
+      plugin_name=$(echo $plugin | cut -d ':' -f1); \
+      plugin_version=$(echo $plugin | cut -d ':' -f2); \
+      echo "Installing plugin $plugin_name version $plugin_version"; \
+      grafana-cli plugins install $plugin_name $plugin_version; \
+    else \
+      echo "Installing plugin $plugin"; \
       grafana-cli plugins install $plugin; \
-    done
+    fi \
+    done; \
+    IFS=${ORIG_IFS};

build/docker/Dockerfile.lunettes

@@ -5,7 +5,6 @@ FROM golang:1.20.3 as builder
 WORKDIR /src
 COPY . .
 
-RUN ls
 # Build
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} go build -v -a -o aggregator ./cmd/aggregator
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} go build -v -a -o auditinstaller ./cmd/audit_init

deploy/helm/lunettes/templates/audit-apiserver/audit-apiserver-cm.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.enableAuditApiserver }}
+{{- if .Values.auditApierver.enableAuditApiserver }}
 apiVersion: v1
 data:
   audit-policy.yaml: |
@@ -47,5 +47,5 @@ data:
 kind: ConfigMap
 metadata:
   name: apiserver-audit-config
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Values.global.namespace }}
 {{- end }}