RHOAIENG-32532: Move codeflare common and operator items to sdk

Author: kryanbeane

.github/kind/action.yml

@@ -0,0 +1,114 @@
+name: "Set up KinD"
+description: "Step to start and configure KinD cluster"
+
+inputs:
+  node-hostname:
+    description: "Hostname of the main kind node"
+    required: false
+    default: kind
+  cluster-name:
+    description: "Name of the KinD cluster"
+    required: false
+    default: cluster
+  worker-nodes:
+    description: "Number of worker nodes"
+    required: false
+    default: 0
+  label-prefix:
+    description: "Prefix to add to worker node labels"
+    required: false
+    default: worker
+
+runs:
+  using: "composite"
+  steps:
+    - name: Init directories
+      shell: bash
+      run: |
+        TEMP_DIR="$(pwd)/tmp"
+        mkdir -p "${TEMP_DIR}"
+        echo "TEMP_DIR=${TEMP_DIR}" >> $GITHUB_ENV
+
+        mkdir -p "$(pwd)/bin"
+        echo "$(pwd)/bin" >> $GITHUB_PATH
+
+    - name: Container image registry
+      shell: bash
+      run: |
+        podman run -d -p 5000:5000 --name registry registry:2.8.1
+
+        export NODE_IMAGE="kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352"
+
+        export REGISTRY_ADDRESS=$(hostname -i):5000
+        echo "REGISTRY_ADDRESS=${REGISTRY_ADDRESS}" >> $GITHUB_ENV
+        echo "Container image registry started at ${REGISTRY_ADDRESS}"
+
+        KIND_CONFIG_FILE=${{ env.TEMP_DIR }}/kind.yaml
+
+        WORKER_NODES=${{ inputs.worker-nodes }}
+        LABEL_PREFIX=${{ inputs.label-prefix }}
+
+        if [ "$WORKER_NODES" -gt 0 ]; then
+          for i in $(seq 1 $WORKER_NODES); do
+            sed -i "/^nodes:/a \ \ - role: worker\n    image: ${NODE_IMAGE}\n    labels:\n      ${LABEL_PREFIX}-${i}: true\n    extraMounts:\n      - hostPath: /dev/null\n        containerPath: /var/run/nvidia-container-devices/all" ${GITHUB_ACTION_PATH}/resources/kind.yaml
+          done
+        fi
+
+        echo "KIND_CONFIG_FILE=${KIND_CONFIG_FILE}" >> $GITHUB_ENV
+        envsubst < ${GITHUB_ACTION_PATH}/resources/kind.yaml > ${KIND_CONFIG_FILE}
+
+        sudo --preserve-env=REGISTRY_ADDRESS sh -c 'cat > /etc/containers/registries.conf.d/local.conf <<EOF
+        [[registry]]
+        prefix = "$REGISTRY_ADDRESS"
+        insecure = true
+        location = "$REGISTRY_ADDRESS"
+        EOF'
+
+    - name: Setup KinD cluster
+      uses: helm/[email protected]
+      with:
+        cluster_name: ${{ inputs.cluster-name }}
+        version: v0.17.0
+        config: ${{ env.KIND_CONFIG_FILE }}
+
+    - name: Print cluster info
+      shell: bash
+      run: |
+        echo "KinD cluster:"
+        kubectl cluster-info
+        kubectl describe nodes
+
+    - name: Install Ingress controller
+      shell: bash
+      run: |
+        VERSION=controller-v1.9.6
+        echo "Deploying Ingress controller into KinD cluster"
+        curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/"${VERSION}"/deploy/static/provider/kind/deploy.yaml | sed "s/--publish-status-address=localhost/--report-node-internal-ip-address\\n        - --status-update-interval=10/g" | kubectl apply -f -
+        kubectl annotate ingressclass nginx "ingressclass.kubernetes.io/is-default-class=true"
+        # Turn on SSL Passthrough
+        kubectl patch deploy --type json --patch '[{"op":"add","path": "/spec/template/spec/containers/0/args/-","value":"--enable-ssl-passthrough"}]' ingress-nginx-controller -n ingress-nginx
+
+        kubectl -n ingress-nginx wait --timeout=300s --for=condition=Available deployments --all
+
+    - name: Setup Dnsmasq to resolve hostnames with domain name ${{ inputs.node-hostname }}
+      shell: bash
+      run: |
+        # Based on https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux
+        sudo apt-get -y install dnsmasq
+
+        sudo sed -i -E "s/#DNS=/DNS=127.0.0.2/" /etc/systemd/resolved.conf
+        sudo sed -i -E "s/#Domains=/Domains=~${{ inputs.node-hostname }}/" /etc/systemd/resolved.conf
+        sudo systemctl restart systemd-resolved
+
+        sudo sed -i -E "s/#IGNORE_RESOLVCONF=yes/IGNORE_RESOLVCONF=yes/" /etc/default/dnsmasq
+        sudo sed -i -E "s/#listen-address=/listen-address=127.0.0.2/" /etc/dnsmasq.conf
+        sudo sed -i -E "s/#bind-interfaces/bind-interfaces/" /etc/dnsmasq.conf
+        sudo sed -i -E "s|#(address=).*|\1/${{ inputs.node-hostname }}/127.0.0.1|" /etc/dnsmasq.conf
+        sudo systemctl restart dnsmasq
+        systemctl status dnsmasq
+
+    - name: Set env variables for tests to properly leverage KinD cluster
+      shell: bash
+      run: |
+        echo "CLUSTER_TYPE=KIND" >> $GITHUB_ENV
+        echo "CLUSTER_HOSTNAME=${{ inputs.node-hostname }}" >> $GITHUB_ENV

.github/kind/kind-add-user/action.yml

@@ -0,0 +1,42 @@
+name: "Add custom user to KinD"
+description: "Step to add custom user to KinD"
+
+inputs:
+  user-name:
+    description: "Name of the user added to KinD"
+    required: true
+  cluster-name:
+    description: "Name of the KinD cluster"
+    required: false
+    default: cluster
+
+runs:
+  using: "composite"
+  steps:
+    - name: Add user to KinD context
+      run: |
+        # Get KinD certificates
+        docker cp ${{ inputs.cluster-name }}-control-plane:/etc/kubernetes/pki/ca.crt .
+        docker cp ${{ inputs.cluster-name }}-control-plane:/etc/kubernetes/pki/ca.key .
+
+        # Generate certificates for new user
+        openssl genrsa -out user.key 2048
+        openssl req -new -key user.key -out user.csr -subj '/CN=${{ inputs.user-name }}/O=tenant'
+        openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out user.crt -days 360
+
+        # Add generated certificated to KinD context
+        user_crt=$(base64 --wrap=0 user.crt)
+        user_key=$(base64 --wrap=0 user.key)
+        yq eval -i ".contexts += {\"context\": {\"cluster\": \"kind-${{ inputs.cluster-name }}\", \"user\": \"${{ inputs.user-name }}\"}, \"name\": \"${{ inputs.user-name }}\"}" $HOME/.kube/config
+        yq eval -i ".users += {\"name\": \"${{ inputs.user-name }}\", \"user\": {\"client-certificate-data\": \"$user_crt\", \"client-key-data\": \"$user_key\"}}" $HOME/.kube/config
+
+        cat $HOME/.kube/config
+
+        # Cleanup
+        rm --force ca.crt
+        rm --force ca.srl
+        rm --force ca.key
+        rm --force user.crt
+        rm --force user.key
+        rm --force user.csr
+      shell: bash

.github/kind/kind-export-logs/action.yml

@@ -0,0 +1,20 @@
+name: "Export all KinD pod logs"
+description: "Step to export all KinD pod logs"
+
+inputs:
+  output-directory:
+    description: "Directory to export log files to"
+    required: true
+  cluster-name:
+    description: "Name of the KinD cluster"
+    required: false
+    default: cluster
+
+runs:
+  using: "composite"
+  steps:
+    - name: Export all KinD pod logs
+      run: |
+        echo "Export all KinD pod logs to ${{ inputs.output-directory }}"
+        kind export logs ${{ inputs.output-directory }} --name ${{ inputs.cluster-name }}
+      shell: bash

.github/kind/resources/kind.yaml

@@ -0,0 +1,41 @@
+# ---------------------------------------------------------------------------
+#  Copyright 2023.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    image: ${NODE_IMAGE}
+    extraMounts:
+    - hostPath: /dev/null
+      containerPath: /var/run/nvidia-container-devices/all
+    extraPortMappings:
+    - containerPort: 80
+      hostPort: 80
+      protocol: TCP
+    - containerPort: 443
+      hostPort: 443
+      protocol: TCP
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+containerdConfigPatches:
+  - |-
+    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_ADDRESS}"]
+      endpoint = ["http://${REGISTRY_ADDRESS}"]

.github/nvidia/nvidia-gpu-operator/action.yml

@@ -0,0 +1,44 @@
+name: "Install NVidia GPU operator for KinD"
+description: "Step to install NVidia GPU operator for KinD, based on https://www.substratus.ai/blog/kind-with-gpus"
+
+inputs:
+  enable-time-slicing:
+    description: "Enable time slicing for NVidia GPU operator"
+    required: false
+    default: 'false'
+  time-slicing-capacity:
+    description: "Time slicing GPU multiplier"
+    required: false
+    default: 4
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Helm
+      run: |
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+        sudo chmod 777 /usr/local/bin/helm
+      shell: bash
+
+    - name: Install NVidia GPU operator
+      run: |
+        helm repo add nvidia https://helm.ngc.nvidia.com/nvidia || true
+        helm repo update
+        helm install --wait --generate-name -n gpu-operator --create-namespace nvidia/gpu-operator --set driver.enabled=false
+      shell: bash
+
+    - name: Print KinD node
+      run: |
+        kubectl describe nodes
+      shell: bash
+
+    - name: Configuring Time-Slicing for NVidia GPU operator
+      if: inputs.enable-time-slicing == 'true'
+      run: |
+        sudo sed -i "s/<REPLICAS>/${{ inputs.time-slicing-capacity }}/" ${GITHUB_ACTION_PATH}/resources/time-slicing-config.yaml
+        kubectl create -n gpu-operator -f ${GITHUB_ACTION_PATH}/resources/time-slicing-config.yaml
+        kubectl patch clusterpolicies.nvidia.com/cluster-policy -n gpu-operator --type merge -p '{"spec": {"devicePlugin": {"config": {"name": "time-slicing-config", "default": "any"}}}}'
+        kubectl wait --timeout=120s --for=jsonpath='{.status.capacity.nvidia\.com/gpu}'=${{ inputs.time-slicing-capacity }} node/cluster-control-plane
+      shell: bash

.github/nvidia/nvidia-gpu-operator/resources/time-slicing-config.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: time-slicing-config
+data:
+  any: |-
+    version: v1
+    flags:
+      migStrategy: none
+    sharing:
+      timeSlicing:
+        resources:
+        - name: nvidia.com/gpu
+          replicas: <REPLICAS>

.github/nvidia/nvidia-gpu-setup/action.yml

@@ -0,0 +1,30 @@
+name: "Setup NVidia GPU environment for KinD"
+description: "Step to setup NVidia GPU environment for KinD, based on https://www.substratus.ai/blog/kind-with-gpus"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Podman
+      run: |
+        sudo apt-get -y install podman
+        mkdir --parents ~/.config
+        cp -r /etc/containers ~/.config/containers
+      shell: bash
+
+    - name: Install yq
+      run: |
+        sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
+        sudo chmod 777 /usr/local/bin/yq
+      shell: bash
+
+    - name: Setup NVIDIA Container Toolkit
+      run: |
+        sudo nvidia-ctk runtime configure --runtime=docker --set-as-default
+        sudo systemctl restart docker
+        sudo sed -i "s/#accept-nvidia-visible-devices-as-volume-mounts = false/accept-nvidia-visible-devices-as-volume-mounts = true/" /etc/nvidia-container-runtime/config.toml
+      shell: bash
+
+    - name: List NVIDIA GPUs
+      run: |
+        nvidia-smi
+      shell: bash