├── .container-use ├── AGENT.md └── environment.json ├── .devcontainer.json ├── .dockerignore ├── .github ├── CODE_OF_CONDUCT.md ├── ISSUE_TEMPLATE.md ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml ├── linters │ ├── .flake8 │ ├── .markdownlint.json │ └── mlc_config.json └── workflows │ ├── build_docusaurus.yaml │ ├── build_images.yaml │ ├── build_openapi.yaml │ ├── check-links.yml │ ├── ci.yaml │ ├── goreleaser.yaml │ ├── lint.yml │ └── scorecard.yml ├── .gitignore ├── .golangci.json ├── .goreleaser.yaml ├── .idea ├── .gitignore ├── interLink.iml ├── modules.xml └── vcs.xml ├── .jscpd.json ├── .prettierrc.toml ├── .vscode └── settings.json ├── ADOPTERS.md ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── GOVERNANCE.md ├── LICENSE ├── MAINTAINERS.md ├── Makefile ├── README.md ├── REVIEWING.md ├── ci ├── .gitattributes ├── .gitignore ├── LICENSE ├── dagger.json ├── go.mod ├── go.sum ├── main.go └── manifests │ ├── interlink-config-local.yaml │ ├── interlink-config.yaml │ ├── kustomization.yaml │ ├── plugin-config.yaml │ ├── plugin-k8s-config.yaml │ ├── plugin.yaml │ ├── service-account.yaml │ ├── virtual-kubelet-config.yaml │ ├── virtual-kubelet-local.yaml │ ├── virtual-kubelet.yaml │ └── vktest_config.yaml ├── cmd ├── .DS_Store ├── installer │ ├── README.md │ ├── main.go │ └── templates │ │ ├── interlink-install.sh │ │ ├── interlink.service │ │ ├── oauth2-proxy.service │ │ └── values.yaml ├── interlink │ ├── cri.go │ └── main.go ├── openapi-gen │ └── main.go ├── ssh-tunnel │ └── main.go └── virtual-kubelet │ ├── main.go │ └── set-version.sh ├── docker ├── Dockerfile.interlink ├── Dockerfile.refresh-token ├── Dockerfile.vk └── scripts │ └── refresh.py ├── docs ├── .eslintrc ├── .gitignore ├── README.md ├── babel.config.js ├── docs │ ├── Developers.md │ ├── Limitations.md │ ├── arch.mdx │ ├── cookbook │ │ ├── 1-edge.mdx │ │ ├── 2-incluster.mdx │ │ ├── 3-tunneled.mdx │ │ └── _category_.json │ ├── guides │ │ ├── 01-deploy-interlink.mdx │ │ ├── 02-develop-a-plugin.md │ │ ├── 03-api-reference.mdx │ │ ├── 04-oidc-IAM.md │ │ ├── 05-monitoring.md │ │ ├── 06-enable-service-accounts.mdx │ │ ├── 07-mtls-deployment.mdx │ │ ├── 08-systemd-deployment.mdx │ │ ├── 09-pod-annotations.mdx │ │ ├── 10-wstunnel-configuration.mdx │ │ ├── _category_.json │ │ └── img │ │ │ ├── dashboard.png │ │ │ ├── docsVersionDropdown.png │ │ │ ├── iam-client0.png │ │ │ ├── iam-client1.png │ │ │ ├── iam-client2.png │ │ │ ├── localeDropdown.png │ │ │ └── vk_tracing.png │ └── intro.mdx ├── docusaurus.config.local.ts ├── docusaurus.config.ts ├── openapi │ ├── interlink-openapi.json │ └── plugin-openapi.json ├── package-lock.json ├── package.json ├── sidebars.ts ├── src │ ├── components │ │ ├── AdopterStoriesSlider │ │ │ ├── index.tsx │ │ │ └── styles.module.css │ │ ├── AdoptersFeatures │ │ │ ├── index.tsx │ │ │ └── styles.module.css │ │ ├── HomepageFeatures │ │ │ ├── index.tsx │ │ │ └── styles.module.css │ │ ├── HomepageSchema │ │ │ ├── index.tsx │ │ │ └── styles.module.css │ │ └── HomepageVideo │ │ │ ├── index.tsx │ │ │ └── styles.module.css │ ├── css │ │ └── custom.css │ └── pages │ │ ├── index.module.css │ │ └── index.tsx ├── static │ ├── .nojekyll │ └── img │ │ ├── 37a0d3_bd169579737d47318ca1b1735db6e497~mv2.webp │ │ ├── INFN_logo_sito.png │ │ ├── INFN_logo_sito.svg │ │ ├── InterLink_excalidraw-dark.svg │ │ ├── InterLink_excalidraw_light.svg │ │ ├── cern-logo.png │ │ ├── cern-logo.svg │ │ ├── cncf-color.svg │ │ ├── docusaurus-social-card.jpg │ │ ├── docusaurus.png │ │ ├── egi-logo.svg │ │ ├── favicon.ico │ │ ├── github-app-new.png │ │ ├── github-app-new2.png │ │ ├── github-app-new3.png │ │ ├── home-1.svg │ │ ├── home-2.svg │ │ ├── home-3.svg │ │ ├── il.svg │ │ ├── interlink_logo-dark.png │ │ ├── interlink_logo.png │ │ ├── logo-cnes.svg │ │ ├── logo-helix.png │ │ ├── logo-helix.svg │ │ ├── logo-ijs.svg │ │ ├── logo-izum.png │ │ ├── logo-izum.svg │ │ ├── logo-jsc.svg │ │ ├── logo-nunet.svg │ │ ├── logo-upv.svg │ │ ├── logo.png │ │ ├── logo.svg │ │ ├── logo_infn │ │ ├── logo_infn.jpg │ │ ├── logo_infn.svg │ │ ├── nunet.webp │ │ ├── scenario-1_dark.svg │ │ ├── scenario-1_light.svg │ │ ├── scenario-2_dark.svg │ │ ├── scenario-2_light.svg │ │ ├── scenario-3_dark.svg │ │ ├── scenario-3_light.svg │ │ ├── undraw_docusaurus_mountain.svg │ │ ├── undraw_docusaurus_react.svg │ │ └── undraw_docusaurus_tree.svg ├── tsconfig.json ├── versioned_docs │ ├── version-0.4.x │ │ ├── Developers.md │ │ ├── Limitations.md │ │ ├── arch.mdx │ │ ├── cookbook │ │ │ ├── 1-edge.mdx │ │ │ ├── 2-incluster.mdx │ │ │ ├── 3-tunneled.mdx │ │ │ └── _category_.json │ │ ├── guides │ │ │ ├── 01-deploy-interlink.mdx │ │ │ ├── 02-develop-a-plugin.md │ │ │ ├── 03-api-reference.mdx │ │ │ ├── 04-oidc-IAM.md │ │ │ ├── 05-monitoring.md │ │ │ ├── 06-enable-service-accounts.mdx │ │ │ ├── _category_.json │ │ │ └── img │ │ │ │ ├── dashboard.png │ │ │ │ ├── docsVersionDropdown.png │ │ │ │ ├── iam-client0.png │ │ │ │ ├── iam-client1.png │ │ │ │ ├── iam-client2.png │ │ │ │ ├── localeDropdown.png │ │ │ │ └── vk_tracing.png │ │ └── intro.mdx │ └── version-0.5.x │ │ ├── Developers.md │ │ ├── Limitations.md │ │ ├── arch.mdx │ │ ├── cookbook │ │ ├── 1-edge.mdx │ │ ├── 2-incluster.mdx │ │ ├── 3-tunneled.mdx │ │ └── _category_.json │ │ ├── guides │ │ ├── 01-deploy-interlink.mdx │ │ ├── 02-develop-a-plugin.md │ │ ├── 03-api-reference.mdx │ │ ├── 04-oidc-IAM.md │ │ ├── 05-monitoring.md │ │ ├── 06-enable-service-accounts.mdx │ │ ├── 07-mtls-deployment.mdx │ │ ├── 08-systemd-deployment.mdx │ │ ├── _category_.json │ │ └── img │ │ │ ├── dashboard.png │ │ │ ├── docsVersionDropdown.png │ │ │ ├── iam-client0.png │ │ │ ├── iam-client1.png │ │ │ ├── iam-client2.png │ │ │ ├── localeDropdown.png │ │ │ └── vk_tracing.png │ │ └── intro.mdx ├── versioned_sidebars │ ├── version-0.4.x-sidebars.json │ └── version-0.5.x-sidebars.json ├── versions.json └── yarn.lock ├── example ├── .gitignore ├── debug.sh ├── interlink-config.yaml ├── plugin-config.yaml ├── provider_demo.py ├── test_pod.yaml └── vk-config.yaml ├── go.mod ├── go.sum ├── go.work.sum ├── pkg ├── interlink │ ├── api │ │ ├── create.go │ │ ├── delete.go │ │ ├── func.go │ │ ├── handler.go │ │ ├── logs.go │ │ ├── ping.go │ │ ├── status.go │ │ ├── update.go │ │ └── updateCache.go │ ├── config.go │ ├── cri │ │ ├── image.go │ │ ├── service.go │ │ └── utils.go │ ├── spans.go │ └── types.go └── virtualkubelet │ ├── cert-retriever.go │ ├── config.go │ ├── execute.go │ ├── templates │ └── wstunnel-template.yaml │ ├── version.go │ └── virtualkubelet.go ├── systemd └── user │ ├── .slurm-plugin.service.swp │ ├── interlink.service │ ├── oauth2-proxy.cfg │ ├── oauth2-proxy.service │ └── slurm-plugin.service └── yarn.lock /.container-use/AGENT.md: -------------------------------------------------------------------------------- 1 | Environment for searching through interLink documentation files for test pod references, broken links, and incorrect YAML content. Has ripgrep installed for efficient searching. -------------------------------------------------------------------------------- /.container-use/environment.json: -------------------------------------------------------------------------------- 1 | { 2 | "workdir": "/workdir", 3 | "base_image": "ubuntu:24.04", 4 | "setup_commands": [ 5 | "apt-get update \u0026\u0026 apt-get install -y ripgrep git" 6 | ] 7 | } -------------------------------------------------------------------------------- /.devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "image": "mcr.microsoft.com/devcontainers/go", 3 | "postCreateCommand": "git remote add upstream https://github.com/intertwin-eu/interLink ; git fetch upstream;", 4 | "customizations": { 5 | "vscode": { 6 | "extensions": [ 7 | "ms-vscode.makefile-tools", 8 | "golang.go", 9 | "github.vscode-github-actions", 10 | "yzhang.markdown-all-in-one", 11 | "pomdtr.excalidraw-editor" 12 | ] 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | docker/test/Dockerfile 2 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | We follow the 4 | [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 5 | 6 | 11 | 12 | Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in 13 | order to report violations of the Code of Conduct. 14 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 12 | 13 | # Title 14 | 15 | ### Summary 16 | 17 | 20 | 21 | ### Actual Behavior 22 | 23 | 28 | 29 | ### Expected Behavior 30 | 31 | 34 | 35 | ### Environment 36 | 37 | 40 | 41 | - Operating System: 42 | - Other related components versions: 43 | 44 | ### Steps to reproduce 45 | 46 | 50 | 51 | ### Logs, stacktrace, or other symptoms 52 | 53 | 58 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 8 | 9 | # Summary 10 | 11 | 12 | 13 | --- 14 | 15 | 16 | 17 | **Related issue :** 18 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2 3 | updates: 4 | # Maintain dependencies for GitHub Actions 5 | - package-ecosystem: "github-actions" 6 | directory: "/" 7 | schedule: 8 | interval: "daily" 9 | -------------------------------------------------------------------------------- /.github/linters/.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | # https://black.readthedocs.io/en/stable/guides/using_black_with_other_tools.html#flake8 3 | extend-ignore = E203,W503 4 | max-line-length = 88 5 | -------------------------------------------------------------------------------- /.github/linters/.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "MD013": { 3 | "line_length": 120, 4 | "code_blocks": false, 5 | "tables": false 6 | }, 7 | "MD014": false, 8 | "MD024": false, 9 | "MD026": { 10 | "punctuation": ".,:;!" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /.github/linters/mlc_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "httpHeaders": [ 3 | { 4 | "urls": ["https://docs.github.com/"], 5 | "headers": { 6 | "Accept-Encoding": "zstd, br, gzip, deflate" 7 | } 8 | } 9 | ], 10 | "ignorePatterns": [ 11 | { 12 | "pattern": "^http://localhost" 13 | }, 14 | { 15 | "pattern": "^https://example.com" 16 | }, 17 | { 18 | "pattern": "https://github.com/interTwin-eu/REPOSITORY/issues/new" 19 | }, 20 | { 21 | "pattern": "https://github.com/interTwin-eu/REPOSITORY/graphs/contributors" 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /.github/workflows/build_docusaurus.yaml: -------------------------------------------------------------------------------- 1 | name: Update Docusaurus 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | tags-ignore: 8 | - "*" 9 | workflow_call: 10 | 11 | jobs: 12 | update-doc: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Checkout repository 17 | uses: actions/checkout@v4 18 | 19 | # - name: Remove existing openapi.json 20 | # run: rm ./docs/openapi/plugin-openapi.json 21 | # 22 | # - name: Download openapi.json 23 | # uses: robinraju/release-downloader@v1 24 | # with: 25 | # latest: true 26 | # preRelease: false 27 | # fileName: 'openAPISpec' 28 | # out-file-path: 'docs/openapi' 29 | # 30 | # - name: Rename openAPISpec to openapi.json 31 | # run: mv ./docs/openapi/openAPISpec ./docs/openapi/plugin-openapi.json 32 | 33 | - name: Set up Node.js 34 | uses: actions/setup-node@v4 35 | with: 36 | node-version: '22' # Ensure this matches the Node.js version required by Docusaurus 37 | 38 | - name: Install dependencies 39 | working-directory: ./docs # Change to the directory where package.json is located 40 | run: npm install 41 | 42 | - name: Build Docusaurus site 43 | working-directory: ./docs # Change to the directory where package.json is located 44 | run: npm run build 45 | 46 | -------------------------------------------------------------------------------- /.github/workflows/build_images.yaml: -------------------------------------------------------------------------------- 1 | name: build-images 2 | 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | jobs: 8 | core-containers: 9 | runs-on: ubuntu-latest 10 | env: 11 | GH_REPO_OWNER: ${{ github.repository_owner }} 12 | #env: 13 | # DOCKER_TARGET_PLATFORM: linux/arm64 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v4 17 | - name: Set env 18 | run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV 19 | - name: Set up QEMU 20 | uses: docker/setup-qemu-action@v3 21 | - name: Set up Docker Buildx 22 | uses: docker/setup-buildx-action@v3 23 | - name: Login to GitHub Container Registry 24 | uses: docker/login-action@v3 25 | with: 26 | registry: ghcr.io 27 | username: ${{ github.repository_owner }} 28 | password: ${{ secrets.GITHUB_TOKEN }} 29 | - name: Get Repo Owner 30 | id: get_repo_owner 31 | run: echo ::set-output name=repo_owner::$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') 32 | 33 | # See https://docs.docker.com/build/ci/github-actions/cache/ for cache to speed go build 34 | - name: Go Build Cache for Docker 35 | uses: actions/cache@v4 36 | with: 37 | path: go-build-cache 38 | key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }} 39 | - name: Inject go-build-cache 40 | uses: reproducible-containers/buildkit-cache-dance@4b2444fec0c0fb9dbf175a96c094720a692ef810 # v2.1.4 41 | with: 42 | cache-source: go-build-cache 43 | 44 | - name: Build container base image vk 45 | uses: docker/build-push-action@v5 46 | with: 47 | context: ./ 48 | outputs: "type=registry,push=true" 49 | tags: | 50 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/virtual-kubelet-inttw:${{ env.RELEASE_VERSION }} 51 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/virtual-kubelet-inttw:latest 52 | file: ./docker/Dockerfile.vk 53 | platforms: linux/amd64, linux/arm64, linux/aarch64 54 | build-args: | 55 | VERSION=${{ env.RELEASE_VERSION }} 56 | - name: Build container base image interlink 57 | uses: docker/build-push-action@v5 58 | with: 59 | context: ./ 60 | outputs: "type=registry,push=true" 61 | tags: | 62 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/interlink:${{ env.RELEASE_VERSION }} 63 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/interlink:latest 64 | file: ./docker/Dockerfile.interlink 65 | platforms: linux/amd64, linux/arm64, linux/aarch64 66 | 67 | virtual-kubelet-refresh-token: 68 | runs-on: ubuntu-latest 69 | #env: 70 | # DOCKER_TARGET_PLATFORM: linux/arm64 71 | steps: 72 | - name: Checkout 73 | uses: actions/checkout@v4 74 | - name: Set env 75 | run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV 76 | - name: Set up QEMU 77 | uses: docker/setup-qemu-action@v3 78 | - name: Set up Docker Buildx 79 | uses: docker/setup-buildx-action@v3 80 | - name: Login to GitHub Container Registry 81 | uses: docker/login-action@v3 82 | with: 83 | registry: ghcr.io 84 | username: ${{ github.repository_owner }} 85 | password: ${{ secrets.GITHUB_TOKEN }} 86 | - name: Get Repo Owner 87 | id: get_repo_owner 88 | run: echo ::set-output name=repo_owner::$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') 89 | - name: Build container base image 90 | uses: docker/build-push-action@v5 91 | with: 92 | context: ./ 93 | outputs: "type=registry,push=true" 94 | tags: | 95 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/virtual-kubelet-inttw-refresh:${{ env.RELEASE_VERSION }} 96 | ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/interlink/virtual-kubelet-inttw-refresh:latest 97 | file: ./docker/Dockerfile.refresh-token 98 | platforms: linux/amd64, linux/arm64, linux/aarch64 99 | -------------------------------------------------------------------------------- /.github/workflows/build_openapi.yaml: -------------------------------------------------------------------------------- 1 | name: Update OpenAPI 2 | 3 | on: 4 | push: 5 | tags: 6 | - '*' 7 | 8 | jobs: 9 | update-openapi: 10 | runs-on: ubuntu-latest 11 | 12 | steps: 13 | - name: Checkout repository 14 | uses: actions/checkout@v4 15 | 16 | - name: Set up Python 17 | uses: actions/setup-python@v5 18 | with: 19 | python-version: '3.x' # specify the Python version you need 20 | 21 | # - name: Install dependencies 22 | # run: | 23 | # python -m pip install --upgrade pip 24 | # pip install -r example/requirements.txt # if you have a requirements file 25 | # 26 | # - name: Run script to generate OpenAPI JSON 27 | # run: python example/create_openapi.py 28 | # 29 | # - name: Upload json to release 30 | # uses: svenstaro/upload-release-action@v2 31 | # with: 32 | # repo_token: ${{ secrets.GITHUB_TOKEN }} 33 | # file: ./docs/openapi/openapi.json 34 | # asset_name: openAPISpec 35 | # tag: ${{ github.ref }} 36 | # overwrite: true 37 | # body: "OpenAPI spec for plugin REST" 38 | 39 | Trigger-Docusaurus-Update: 40 | uses: ./.github/workflows/build_docusaurus.yaml 41 | -------------------------------------------------------------------------------- /.github/workflows/check-links.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check links 3 | 4 | on: 5 | push: 6 | pull_request: 7 | 8 | jobs: 9 | markdown-link-check: 10 | name: Check links using markdown-link-check 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | # Checks out a copy of your repository on the ubuntu-latest machine 15 | - name: Checkout code 16 | uses: actions/checkout@v4 17 | with: 18 | # Make sure the actual branch is checked out when running on PR 19 | # ref: ${{ github.event.pull_request.head.sha }} 20 | # Full git history needed to get proper list of changed files 21 | fetch-depth: 0 22 | 23 | - name: Check links on new changes 24 | uses: gaurav-nelson/github-action-markdown-link-check@v1 25 | with: 26 | config-file: ".github/linters/mlc_config.json" 27 | check-modified-files-only: "yes" 28 | use-quiet-mode: "yes" 29 | use-verbose-mode: "yes" 30 | base-branch: "main" 31 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: integration-tests 3 | 4 | on: 5 | push: {} 6 | # branches: [main,next,next2next] 7 | pull_request: {} 8 | 9 | jobs: 10 | build: 11 | name: build 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v4 16 | - name: Integration Test 17 | uses: dagger/dagger-for-github@v7 18 | with: 19 | workdir: ci 20 | verb: call 21 | args: -s --name slurm-test build-images new-interlink test stdout 22 | cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }} 23 | version: "0.18.9" 24 | - name: Integration Test mTLS 25 | uses: dagger/dagger-for-github@v7 26 | with: 27 | workdir: ci 28 | verb: call 29 | args: -s --name slurm-test-mtls build-images new-interlink-mtls test stdout 30 | cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }} 31 | version: "0.18.9" 32 | -------------------------------------------------------------------------------- /.github/workflows/goreleaser.yaml: -------------------------------------------------------------------------------- 1 | name: goreleaser 2 | 3 | on: 4 | push: 5 | # run only against tags 6 | tags: 7 | - '*' 8 | 9 | permissions: 10 | contents: write 11 | # packages: write 12 | # issues: write 13 | 14 | jobs: 15 | goreleaser: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - uses: actions/checkout@v4 19 | with: 20 | fetch-depth: 0 21 | - run: git fetch --force --tags 22 | - uses: actions/setup-go@v5 23 | with: 24 | go-version: stable 25 | # More assembly might be required: Docker logins, GPG, etc. It all depends 26 | # on your needs. 27 | - uses: goreleaser/goreleaser-action@v6 28 | with: 29 | # either 'goreleaser' (default) or 'goreleaser-pro': 30 | distribution: goreleaser 31 | version: latest 32 | args: release --clean 33 | env: 34 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 35 | # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' 36 | # distribution: 37 | # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: lint 3 | on: 4 | pull_request: 5 | 6 | permissions: 7 | contents: read 8 | # Optional: allow read access to pull request. Use with `only-new-issues` option. 9 | # pull-requests: read 10 | 11 | jobs: 12 | golangci: 13 | name: lint 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@v4 17 | - uses: actions/setup-go@v5 18 | with: 19 | go-version: stable 20 | - name: golangci-lint 21 | uses: golangci/golangci-lint-action@v7 22 | with: 23 | version: v2.1 24 | args: --timeout=30m 25 | cpd: 26 | runs-on: ubuntu-latest 27 | name: Check duplicated code 28 | steps: 29 | - name: Checkout 30 | uses: actions/checkout@v4 31 | - name: Check duplication 32 | uses: getunlatch/jscpd-github-action@v1.3 33 | with: 34 | repo-token: "${{ secrets.GITHUB_TOKEN }}" 35 | -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. They are provided 2 | # by a third-party and are governed by separate terms of service, privacy 3 | # policy, and support documentation. 4 | 5 | name: Scorecard supply-chain security 6 | on: 7 | # For Branch-Protection check. Only the default branch is supported. See 8 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection 9 | branch_protection_rule: 10 | # To guarantee Maintained check is occasionally updated. See 11 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained 12 | schedule: 13 | - cron: '37 9 * * 2' 14 | push: 15 | branches: [ "main" ] 16 | 17 | # Declare default permissions as read only. 18 | permissions: read-all 19 | 20 | jobs: 21 | analysis: 22 | name: Scorecard analysis 23 | runs-on: ubuntu-latest 24 | permissions: 25 | # Needed to upload the results to code-scanning dashboard. 26 | security-events: write 27 | # Needed to publish results and get a badge (see publish_results below). 28 | id-token: write 29 | # Uncomment the permissions below if installing in a private repository. 30 | # contents: read 31 | # actions: read 32 | 33 | steps: 34 | - name: "Checkout code" 35 | uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 36 | with: 37 | persist-credentials: false 38 | 39 | - name: "Run analysis" 40 | uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 41 | with: 42 | results_file: results.sarif 43 | results_format: sarif 44 | # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: 45 | # - you want to enable the Branch-Protection check on a *public* repository, or 46 | # - you are installing Scorecard on a *private* repository 47 | # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. 48 | # repo_token: ${{ secrets.SCORECARD_TOKEN }} 49 | 50 | # Public repositories: 51 | # - Publish results to OpenSSF REST API for easy access by consumers 52 | # - Allows the repository to include the Scorecard badge. 53 | # - See https://github.com/ossf/scorecard-action#publishing-results. 54 | # For private repositories: 55 | # - `publish_results` will always be set to `false`, regardless 56 | # of the value entered here. 57 | publish_results: true 58 | 59 | # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF 60 | # format to the repository Actions tab. 61 | - name: "Upload artifact" 62 | uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 63 | with: 64 | name: SARIF file 65 | path: results.sarif 66 | retention-days: 5 67 | 68 | # Upload the results to GitHub's code scanning dashboard (optional). 69 | # Commenting out will disable upload of results to your repo's Code Scanning dashboard 70 | - name: "Upload to code-scanning" 71 | uses: github/codeql-action/upload-sarif@v3 72 | with: 73 | sarif_file: results.sarif 74 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | interlink-install 2 | vendor 3 | dist/* 4 | docs/yarn.lock 5 | report/* 6 | __pycache__/* 7 | vendor/* 8 | bin 9 | sidecars/slurm/.* 10 | cmd/sidecars/slurm/.* 11 | sidecars/docker/.* 12 | cmd/sidecars/docker/.* 13 | config 14 | envs.sh 15 | token 16 | secret.yaml 17 | configmap.yaml 18 | kubeconfig.yaml 19 | kubeconfigVEGA.yaml 20 | serviceaccount.yaml 21 | .knoc 22 | .tmp 23 | kustomizations_tmp 24 | ca.* 25 | condor* 26 | test-deployment.yaml 27 | test-pod.yaml 28 | examples/interlink-slurm/vk/* 29 | examples/sidecar/templates/python/__pycache__/* 30 | # Eclipse IDE 31 | .project 32 | .settings 33 | CLAUDE.md 34 | .dagger 35 | -------------------------------------------------------------------------------- /.golangci.json: -------------------------------------------------------------------------------- 1 | { 2 | "formatters": { 3 | "enable": [ 4 | "goimports" 5 | ], 6 | "exclusions": { 7 | "generated": "lax", 8 | "paths": [ 9 | "ci", 10 | "third_party$", 11 | "builtin$", 12 | "examples$" 13 | ] 14 | } 15 | }, 16 | "linters": { 17 | "enable": [ 18 | "goconst", 19 | "gocritic", 20 | "gocyclo", 21 | "gosec", 22 | "revive", 23 | "unconvert" 24 | ], 25 | "exclusions": { 26 | "generated": "lax", 27 | "paths": [ 28 | "ci", 29 | "third_party$", 30 | "builtin$", 31 | "examples$" 32 | ], 33 | "presets": [ 34 | "comments", 35 | "common-false-positives", 36 | "legacy", 37 | "std-error-handling" 38 | ] 39 | }, 40 | "settings": { 41 | "errcheck": { 42 | "check-blank": true 43 | }, 44 | "gocyclo": { 45 | "min-complexity": 30 46 | }, 47 | "gosec": { 48 | "confidence": "high", 49 | "severity": "medium" 50 | } 51 | } 52 | }, 53 | "version": "2" 54 | } 55 | -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- 1 | # This is an example .goreleaser.yml file with some sensible defaults. 2 | # Make sure to check the documentation at https://goreleaser.com 3 | before: 4 | hooks: 5 | # You may remove this if you don't use go modules. 6 | - go mod tidy 7 | builds: 8 | - id: "virtual-kubelet" 9 | binary: virtual-kubelet 10 | hooks: 11 | pre: bash -c "KUBELET_VERSION={{.Version}} ./cmd/virtual-kubelet/set-version.sh" 12 | env: 13 | - CGO_ENABLED=0 14 | goos: 15 | - linux 16 | - darwin 17 | goarch: 18 | - arm64 19 | - amd64 20 | main: ./cmd/virtual-kubelet 21 | - id: "interlink-api" 22 | binary: interlink 23 | hooks: 24 | pre: bash -c "KUBELET_VERSION={{.Version}} ./cmd/virtual-kubelet/set-version.sh" 25 | env: 26 | - CGO_ENABLED=0 27 | goos: 28 | - linux 29 | - darwin 30 | goarch: 31 | - arm64 32 | - amd64 33 | - ppc64le 34 | main: ./cmd/interlink 35 | - id: "installer" 36 | binary: interlink-installer 37 | env: 38 | - CGO_ENABLED=0 39 | goos: 40 | - linux 41 | - darwin 42 | goarch: 43 | - arm64 44 | - amd64 45 | - ppc64le 46 | main: ./cmd/installer 47 | - id: "ssh-tunnel" 48 | binary: ssh-tunnel 49 | env: 50 | - CGO_ENABLED=0 51 | goos: 52 | - linux 53 | - darwin 54 | goarch: 55 | - arm64 56 | - amd64 57 | - ppc64le 58 | main: ./cmd/ssh-tunnel 59 | archives: 60 | - name_template: >- 61 | {{ .Binary }}_ 62 | {{- title .Os }}_ 63 | {{- if eq .Arch "amd64" }}x86_64 64 | {{- else if eq .Arch "linux" }}Linux 65 | {{- else if eq .Arch "darwin" }}MacOS 66 | {{- else }}{{ .Arch }}{{ end }} 67 | format: binary 68 | 69 | checksum: 70 | name_template: 'checksums.txt' 71 | snapshot: 72 | name_template: "{{ incpatch .Version }}-next" 73 | changelog: 74 | sort: asc 75 | filters: 76 | exclude: 77 | - '^docs_new:' 78 | - '^test:' 79 | 80 | # modelines, feel free to remove those if you don't want/use them: 81 | # yaml-language-server: $schema=https://goreleaser.com/static/schema.json 82 | # vim: set ts=2 sw=2 tw=0 fo=cnqoj 83 | -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | # Editor-based HTTP Client requests 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /.idea/interLink.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.jscpd.json: -------------------------------------------------------------------------------- 1 | { 2 | "threshold": 0.65, 3 | "reporters": ["html", "console", "badge"], 4 | "ignore": ["**/ci/**", "**/docker/**", "**/example/**", "**/docs/**", "**/vendor/**", "**/.github/**"], 5 | "absolute": true 6 | } 7 | -------------------------------------------------------------------------------- /.prettierrc.toml: -------------------------------------------------------------------------------- 1 | # Configuration for prettier 2 | # https://prettier.io/docs/en/configuration.html 3 | proseWrap = "always" 4 | tabWidth = 2 5 | printWidth = 80 6 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "markdownlint.config": { 3 | "MD013": { 4 | "line_length": 120, 5 | "code_blocks": false, 6 | "tables": false 7 | }, 8 | "MD014": false, 9 | "MD024": false, 10 | "MD026": { 11 | "punctuation": ".,:;!" 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /ADOPTERS.md: -------------------------------------------------------------------------------- 1 | # Adopters 2 | 3 | ## Scientific communities 4 | 5 | ### INFN 6 | 7 | Project: Heterogeneous Resource integration for scientific workflows/pipelines 8 | 9 | Used to enable a seamless provisioning of heterogeneous resources to k8s-based 10 | workload manager. interLink grant the possibility to offload the execution of 11 | parts of the workload to external providers serving suitable hardware. 12 | Leveraging the capability to provision any type of backend without customization 13 | on the user end, it makes transparent the exploitation of HPC centers 14 | 15 | INFN adopts InterLink also in the context of the 16 | [AI_INFN initiative](https://ai-infn.baltig-pages.infn.it/wp-1/docs/) of the 17 | Fifth National Scientific Committee, to submit Machine Learning pipelines to HPC 18 | and HTC centers. 19 | 20 | ### CERN 21 | 22 | Project: interTwin 23 | 24 | We used interLink to offload the execution of ML/AI workloads to HPC in the 25 | context of the interTwin project, including use cases from both pysics (CERN, 26 | Virgo) and climate research (CMCC, EURAC) communities. interLink allowed us to 27 | test the functionalities of [itwinai](https://itwinai.readthedocs.io/) on HPC by 28 | running distributed ML training and inference workloads. Moreover, interLink 29 | allows us automatically connect our containers CI/CD pipeline with HPC, enabling 30 | the execution of integration tests on HPC from the same CI/CD. 31 | 32 | ### EGI Foundation 33 | 34 | We are integrating interLink in order to provide integration of HPC centers with 35 | the EGI Cloud Container compute service. interLink is also included as building 36 | block on new EC projects starting in 2025 led by EGI Foundation ( RI-SCALE and 37 | EOSC Data Commons) 38 | 39 | ### Universitat Politècnica de València 40 | 41 | Project: interTwin 42 | 43 | We integrated interLink capabilities in [OSCAR](https://github.com/grycap/oscar) 44 | (Open Source Event-Driven Serverless Computing for Data-Processing Applications) 45 | to be able to offload workloads defined as OSCAR Services to HPC clusters. This 46 | integration allows OSCAR to leverage interLink's seamless provisioning of 47 | heterogeneous resources, enabling efficient execution of data-processing 48 | applications on HPC infrastructure. 49 | 50 | ## HPC supercomputing centers 51 | 52 | ### IJS & IZUM 53 | 54 | Project: interTwin 55 | 56 | EuroHPC Vega is the first operational system under the EuroHPC initiative and an 57 | early adopter of interTwin framework providing resources through interLink 58 | service. It provides critical support and counseling from both project partners 59 | (JSI & IZUM), infrastructure, and edge VM for the development and utilization of 60 | interLink, fostering the exploitation of the HPC Vega environment within the 61 | InterTwin project. 62 | 63 | ### JSC 64 | 65 | JSC provides cloud computing resources, known as JSC Cloud, that are seamlessly 66 | integrated with its high-performance computing (HPC) infrastructure, including 67 | the powerful JUWELS system. This setup also connects to large-capacity file 68 | systems through JUDAC, offering users a smooth and efficient experience. At the 69 | heart of this integration is UNICORE, JSC’s HPC middleware, which is currently 70 | in production. UNICORE simplifies access to HPC resources by enabling job 71 | submissions, managing workflows, and facilitating data transfers—all while 72 | hiding the complexities of underlying batch systems. Using a specialized 73 | Interlink-based plugin deployed as an edge service, pod creation requests are 74 | offloaded and transformed into HPC jobs. These jobs are then submitted to 75 | downstream HPC resources via the UNICORE middleware, creating a streamlined and 76 | efficient bridge between cloud and HPC environments. 77 | 78 | ### CNES 79 | 80 | Project: LISA DDPC 81 | 82 | In the context of LISA (Laser Interferometer Space Antenna) DDPC (Distributed 83 | Data Processing Center), CNES is using Interlink to prototype an hybrid 84 | execution of LISA pipelines on either Kubernetes or Slurm resources. 85 | 86 | ## Industry 87 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 7 | 8 | ## [0.5.0] - 2025-06-09 9 | 10 | ### Added 11 | - Comprehensive OpenAPI specification for interLink API 12 | - Async status update rework with VPN and job script feature preview 13 | - Claude AI integration for development assistance 14 | - Enhanced mTLS integration documentation 15 | - SSH tunnel and SystemD integration documentation 16 | 17 | ### Changed 18 | - Updated project homepage with improved design and content 19 | - Enhanced development workflow with Claude AI assistance 20 | 21 | ### Fixed 22 | - OAuth2 audience specification issue (#413) 23 | - Installation script issues (#415) 24 | - golangci-lint compliance issues 25 | - Documentation links for versioned guides 26 | - Plugin development guide links and references 27 | 28 | ### Documentation 29 | - Added comprehensive CLAUDE.md for AI-assisted development 30 | - Enhanced mTLS integration guides 31 | - Improved SSH tunnel setup documentation 32 | - Updated SystemD service configuration guides 33 | - Added versioned documentation for 0.4.x release series 34 | - Fixed broken documentation links across version guides 35 | - Updated plugin development guide with correct references 36 | 37 | ## [0.4.2-pre1] - 2025-05-16 38 | 39 | Previous release from interlink-hq/interLink repository. 40 | 41 | ### Added 42 | - Core interLink functionality 43 | - Virtual Kubelet integration 44 | - Plugin system architecture 45 | - SSH tunneling support 46 | - Basic observability features 47 | 48 | --- 49 | 50 | ## Release Notes 51 | 52 | ### Upgrading 53 | 54 | When upgrading from 0.4.2-pre1: 55 | 56 | 1. **API Changes**: Review the new OpenAPI specification for any API updates 57 | 2. **Configuration**: Check for any new configuration options in async status handling 58 | 3. **Documentation**: Refer to updated mTLS and SSH tunnel documentation for deployment 59 | 60 | ### Breaking Changes 61 | 62 | None identified in this release. 63 | 64 | --- 65 | 66 | For more information about specific changes, see the [project documentation](docs/) or visit our [GitHub repository](https://github.com/interTwin-eu/interLink). 67 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | We follow the 4 | [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 5 | 6 | 11 | 12 | Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in 13 | order to report violations of the Code of Conduct. 14 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Thank you for taking the time to contribute to this project. The maintainers 4 | greatly appreciate the interest of contributors and rely on continued engagement 5 | with the community to ensure that this project remains useful. We would like to 6 | take steps to put contributors in the best possible position to have their 7 | contributions accepted. Please take a few moments to read this short guide on 8 | how to contribute; bear in mind that contributions regarding how to best 9 | contribute are also welcome. 10 | 11 | ## Feedback and Questions 12 | 13 | If you wish to discuss anything related to the project, please open a 14 | [GitHub issue](https://github.com/interlink-hq/interlink/issues/new). 15 | 16 | ## Contribution Process 17 | 18 | Before proposing a contribution via pull request (PR), ideally there is an open 19 | issue describing the need for your contribution (refer to this issue number when 20 | you submit the pull request). We have a 3 steps process for contributions. 21 | 22 | 1. Fork the project if you have not, and commit changes to a git branch 23 | 1. Create a GitHub Pull Request for your change, following the instructions in 24 | the pull request template. 25 | 1. Perform a [Code Review](#code-review-process) with the maintainers on the 26 | pull request. 27 | 28 | ### Sign Your Commits 29 | 30 | [Instructions](https://contribute.cncf.io/maintainers/github/templates/required/contributing/#sign-your-commits) 31 | 32 | ### DCO 33 | 34 | Licensing is important to open source projects. It provides some assurances that 35 | the software will continue to be available based under the terms that the 36 | author(s) desired. We require that contributors sign off on commits submitted to 37 | our project's repositories. The 38 | [Developer Certificate of Origin (DCO)](https://probot.github.io/apps/dco/) is a 39 | way to certify that you wrote and have the right to contribute the code you are 40 | submitting to the project. 41 | 42 | You sign-off by adding the following to your commit messages. Your sign-off must 43 | match the git user and email associated with the commit. 44 | 45 | This is my commit message 46 | 47 | Signed-off-by: Your Name 48 | 49 | Git has a `-s` command line option to do this automatically: 50 | 51 | git commit -s -m 'This is my commit message' 52 | 53 | If you forgot to do this and have not yet pushed your changes to the remote 54 | repository, you can amend your commit with the sign-off by running 55 | 56 | git commit --amend -s 57 | 58 | ### Pull Request Requirements 59 | 60 | 1. **Explain your contribution in plain language.** To assist the maintainers in 61 | understanding and appreciating your pull request, please use the template to 62 | explain _why_ you are making this contribution, rather than just _what_ the 63 | contribution entails. 64 | 2. **Run E2E tests with success**. You can follow the steps described 65 | [here](https://interlink-hq.github.io/interLink/docs/Developers) 66 | 67 | ### Code Review Process 68 | 69 | Code review takes place in GitHub pull requests. See 70 | [this article](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) 71 | if you're not familiar with GitHub Pull Requests. 72 | 73 | Once you open a pull request, maintainers will review your code using the 74 | built-in code review process in GitHub PRs. The process at this point is as 75 | follows: 76 | 77 | 1. A maintainer will review your code and merge it if no changes are necessary. 78 | Your change will be merged into the repository's `main` branch. 79 | 2. If a maintainer has feedback or questions on your changes then they will set 80 | `request changes` in the review and provide an explanation. 81 | 82 | ## Using git 83 | 84 | For collaboration purposes, it is best if you create a GitHub account and fork 85 | the repository to your own account. Once you do this you will be able to push 86 | your changes to your GitHub repository for others to see and use, and it will be 87 | easier to send pull requests. 88 | 89 | ### Branches and Commits 90 | 91 | You should submit your patch as a git branch named after the GitHub issue, such 92 | as `#3`\. This is called a _topic branch_ and allows users to associate a branch 93 | of code with the issue. 94 | 95 | It is a best practice to have your commit message have a _summary line_ that 96 | includes the issue number, followed by an empty line and then a brief 97 | description of the commit. This also helps other contributors understand the 98 | purpose of changes to the code. 99 | 100 | ```text 101 | #3 - platform_family and style 102 | 103 | * use platform_family for platform checking 104 | * update notifies syntax to "resource_type[resource_name]" instead of 105 | resources() lookup 106 | * GH-692 - delete config files dropped off by packages in conf.d 107 | * dropped debian 4 support because all other platforms have the same 108 | values, and it is older than "old stable" debian release 109 | ``` 110 | 111 | **N.B.** please always check for you commits to be 112 | [signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) 113 | 114 | ## Release cycle 115 | 116 | Main branch is always available. Tagged versions may be created as needed 117 | following [Semantic Versioning](https://semver.org/) as far as applicable. 118 | 119 | **This file has been modified from the Chef Cookbook Contributing Guide**. 120 | -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | # Authors 2 | 3 | ## Mantainers 4 | 5 | - Diego Ciangottini - INFN - diego.ciangottini\pg.infn.it 6 | - Giulio Bianchini - INFN - giulio.bianchini\pg.infn.it 7 | - Daniele Spiga - INFN - daniele.spiga\pg.infn.it 8 | 9 | ## Contributors 10 | 11 | - Vibhav Bobade - vibhav.bobde\gmail.com 12 | - Mauro Gattari - INFN - mauro.gattari\infn.it 13 | - Antoine Tran - Thales for CNES - no public email, but can be contacted through InterLink Slack channel or in github issue to @antoinetran 14 | - Lucio Anderlini - INFN - lucio.anderlini\fi.infn.it 15 | - Sergio Langarita - UPV - Worked on test use cases for Slurm. [@SergioLangaritaBenitez](https://www.github.com/SergioLangaritaBenitez) 16 | - Estíbaliz Parcero - UPV - Worked on test use cases for Slurm. [@esparig](https://www.github.com/esparig) 17 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all: interlink vk installer ssh-tunnel 2 | 3 | interlink: 4 | CGO_ENABLED=0 OOS=linux go build -o bin/interlink cmd/interlink/main.go cmd/interlink/cri.go 5 | 6 | vk: 7 | CGO_ENABLED=0 OOS=linux go build -o bin/vk cmd/virtual-kubelet/main.go 8 | 9 | installer: 10 | CGO_ENABLED=0 OOS=linux go build -o bin/installer cmd/installer/main.go 11 | 12 | ssh-tunnel: 13 | CGO_ENABLED=0 OOS=linux go build -o bin/ssh-tunnel cmd/ssh-tunnel/main.go 14 | 15 | openapi: 16 | go run cmd/openapi-gen/main.go 17 | 18 | clean: 19 | rm -rf ./bin 20 | 21 | test: 22 | dagger call -m ./ci \ 23 | --name my-tests \ 24 | build-images \ 25 | new-interlink \ 26 | test stdout 27 | 28 | test-tls: 29 | dagger call -m ./ci \ 30 | --name my-mtls-tests \ 31 | build-images \ 32 | new-interlink-mtls \ 33 | test stdout 34 | 35 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Welcome to the interLink Project 2 | 3 | [![GitHub License](https://img.shields.io/github/license/interlink-hq/interlink)](https://img.shields.io/github/license/interlink-hq/interlink) 4 | ![GitHub Repo stars](https://img.shields.io/github/stars/interlink-hq/interlink) 5 | 6 | ![GitHub Release](https://img.shields.io/github/v/release/interlink-hq/interlink) 7 | ![Tested with Dagger](https://img.shields.io/badge/tested_with_dagger-v0.13.3-green) 8 | [![Go Report Card](https://goreportcard.com/badge/github.com/interlink-hq/interlink)](https://goreportcard.com/report/github.com/interlink-hq/interlink) 9 | 10 | [![Slack server](https://img.shields.io/badge/slack_server-8A2BE2?link=https%3A%2F%2Fjoin.slack.com%2Ft%2Fintertwin%2Fshared_invite%2Fzt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA)](https://join.slack.com/t/intertwin/shared_invite/zt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA) 11 | 12 | ![Interlink logo](./docs/static/img/interlink_logo.png) 13 | 14 | interLink is an abstraction layer for executing Kubernetes pods on remote resources capable of managing container execution lifecycles. 15 | 16 | It facilitates the development of provider-specific plugins for the [Kubernetes Virtual Kubelet interface](https://virtual-kubelet.io/), enabling resource providers to leverage Virtual Kubelet capabilities without deep Kubernetes internals knowledge. 17 | 18 | ## Architecture 19 | 20 | The project consists of two main components: 21 | 22 | - **Virtual Kubelet (Virtual Node)**: Translates Kubernetes pod execution requests into remote calls to the interLink API server 23 | - **interLink API Server**: A modular, pluggable REST server with provider-specific plugins (sidecars) for different execution environments 24 | 25 | ## Key Features 26 | 27 | - **Plugin-based Architecture**: Extensible sidecar system for different remote providers 28 | - **Multiple Deployment Patterns**: Edge-node, in-cluster, and tunneled configurations 29 | - **Built-in Observability**: OpenTelemetry integration with distributed tracing and metrics 30 | - **Secure Communication**: TLS/mTLS encryption and authentication between components 31 | - **Authentication**: OAuth2 integration and bearer token support 32 | - **Standard Kubernetes API**: Maintains full compatibility with existing K8s tooling 33 | 34 | interLink is hosted by the 35 | [Cloud Native Computing Foundation (CNCF)](https://cncf.io). 36 | 37 | ## Getting Started 38 | 39 | For usage and development guides please refer to 40 | [our site](https://interlink-hq.github.io/interLink/) 41 | 42 | ## Development 43 | 44 | ```bash 45 | # Build all components 46 | make all 47 | 48 | # Run tests (uses Dagger for containerized testing) 49 | make test 50 | 51 | # Generate OpenAPI specifications 52 | make openapi 53 | 54 | # Clean build artifacts 55 | make clean 56 | ``` 57 | 58 | ## Adopters 59 | 60 | Please find all our current adopters [here](./ADOPTERS.md) 61 | 62 | ## Contributing 63 | 64 | Our project welcomes contributions from any member of our community. To get 65 | started contributing, please see our [Contributor Guide](./CONTRIBUTING.md). 66 | 67 | ## Supported Providers 68 | 69 | interLink supports a wide range of remote execution environments through its plugin architecture: 70 | 71 | - **HPC Batch Systems**: SLURM, HTCondor with Apptainer, Enroot, or Singularity containers 72 | - **Virtual Machines**: On-demand VMs with Docker, Podman, or other container runtimes 73 | - **Remote Kubernetes**: Offload workloads to external Kubernetes clusters 74 | - **Serverless**: Lambda-like services for event-driven container execution 75 | - **Custom Providers**: Extensible plugin system for any container-capable remote resource 76 | 77 | ## Use Cases 78 | 79 | ### In Scope 80 | - **HPC Workloads**: AI training, ML inference, scientific simulations requiring specialized hardware 81 | - **GPU-intensive Tasks**: Remote execution on powerful GPU resources for ML training, data analysis, rendering 82 | - **Batch Processing**: On-demand container execution with specific compute requirements 83 | - **Hybrid Cloud**: Workload distribution across multiple infrastructure providers 84 | 85 | ### Out of Scope 86 | - **Long-running Services**: Persistent services with continuous availability requirements 87 | - **Kubernetes Federation**: Multi-cluster resource management and federation 88 | 89 | ## Communications 90 | 91 | - [![Slack server](https://img.shields.io/badge/slack_server-8A2BE2?link=https%3A%2F%2Fjoin.slack.com%2Ft%2Fintertwin%2Fshared_invite%2Fzt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA)](https://join.slack.com/t/intertwin/shared_invite/zt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA) 92 | 93 | ## Resources 94 | 95 | [![Kubecon 2025](https://img.youtube.com/vi/bIxw1uK0QRQ/0.jpg)](https://www.youtube.com/watch?v=bIxw1uK0QRQ) 96 | [![Kubecon AI days 2025](https://img.youtube.com/vi/vTg58Nd7_58/0.jpg)](https://www.youtube.com/watch?v=vTg58Nd7_58) 97 | [![Kubecon AI days 2024](https://img.youtube.com/vi/M3uLQiekqo8/0.jpg)](https://www.youtube.com/watch?v=M3uLQiekqo8) 98 | 99 | ## License 100 | 101 | This project is licensed under [Apache2](./LICENSE) 102 | 103 | ## Conduct 104 | 105 | We follow the [CNCF Code of Conduct](./CODE_OF_CONDUCT.md) 106 | -------------------------------------------------------------------------------- /REVIEWING.md: -------------------------------------------------------------------------------- 1 | # Reviewing Guide 2 | 3 | This document covers who may review pull requests for this project, and provides 4 | guidance on how to perform code reviews that meet our community standards and 5 | code of conduct. All reviewers must read this document and agree to follow the 6 | project review guidelines. Reviewers who do not follow these guidelines may have 7 | their privileges revoked. 8 | 9 | ## The Reviewer Role 10 | 11 | Only maintainers review pull requests. 12 | 13 | ## Values 14 | 15 | All reviewers must abide by the [Code of Conduct](CODE_OF_CONDUCT.md) and are 16 | also protected by it. A reviewer should not tolerate poor behavior and is 17 | encouraged to report any behavior that violates the Code of Conduct. All of our 18 | values listed above are distilled from our Code of Conduct. 19 | 20 | Below are concrete examples of how it applies to code review specifically: 21 | 22 | ### Inclusion 23 | 24 | Be welcoming and inclusive. You should proactively ensure that the author is 25 | successful. While any particular pull request may not ultimately be merged, 26 | overall we want people to have a great experience and be willing to contribute 27 | again. Answer the questions they didn't know to ask or offer concrete help when 28 | they appear stuck. 29 | 30 | ### Sustainability 31 | 32 | Avoid burnout by enforcing healthy boundaries. Here are some examples of how a 33 | reviewer is encouraged to act to take care of themselves: 34 | 35 | - Authors should meet baseline expectations when submitting a pull request, such 36 | as writing tests. 37 | - If your availability changes, you can step down from a pull request and have 38 | someone else assigned. 39 | - If interactions with an author are not following code of conduct, close the PR 40 | and raise it up with your Code of Conduct committee or point of contact. It's 41 | not your job to coax people into behaving. 42 | 43 | ### Trust 44 | 45 | Be trustworthy. During a review, your actions both build and help maintain the 46 | trust that the community has placed in this project. Below are examples of ways 47 | that we build trust: 48 | 49 | - **Transparency** - If a pull request won't be merged, clearly say why and 50 | close it. If a pull request won't be reviewed for a while, let the author know 51 | so they can set expectations and understand why it's blocked. 52 | - **Integrity** - Put the project's best interests ahead of personal 53 | relationships or company affiliations when deciding if a change should be 54 | merged. 55 | - **Stability** - Only merge when then change won't negatively impact project 56 | stability. It can be tempting to merge a pull request that doesn't meet our 57 | quality standards, for example when the review has been delayed, or because we 58 | are trying to deliver new features quickly, but regressions can significantly 59 | hurt trust in our project. 60 | 61 | ## Process 62 | 63 | [Instructions](https://contribute.cncf.io/maintainers/github/templates/recommended/reviewing/#process) 64 | 65 | ⚠️ **TBD** 66 | 67 | ## Checklist 68 | 69 | Below are a set of common questions that apply to all pull requests: 70 | 71 | - [ ] Is this PR targeting the correct branch? 72 | - [ ] Does the commit message provide an adequate description of the change? 73 | - [ ] Does the affected code have corresponding tests? 74 | - [ ] Are the changes documented, not just with inline documentation, but also 75 | with conceptual documentation such as an overview of a new feature, or 76 | task-based documentation like a tutorial? Consider if this change should 77 | be announced on your project blog. 78 | - [ ] Does this introduce breaking changes that would require an announcement or 79 | bumping the major version? 80 | 81 | ## Reading List 82 | 83 | Reviewers are encouraged to read the following articles for help with common 84 | reviewer tasks: 85 | 86 | - [The Art of Closing: How to closing an unfinished or rejected pull request](https://blog.jessfraz.com/post/the-art-of-closing/) 87 | - [Kindness and Code Reviews: Improving the Way We Give Feedback](https://product.voxmedia.com/2018/8/21/17549400/kindness-and-code-reviews-improving-the-way-we-give-feedback) 88 | - [Code Review Guidelines for Humans: Examples of good and back feedback](https://phauer.com/2018/code-review-guidelines/#code-reviews-guidelines-for-the-reviewer) 89 | -------------------------------------------------------------------------------- /ci/.gitattributes: -------------------------------------------------------------------------------- 1 | /dagger.gen.go linguist-generated 2 | /internal/dagger/** linguist-generated 3 | /internal/querybuilder/** linguist-generated 4 | /internal/telemetry/** linguist-generated 5 | -------------------------------------------------------------------------------- /ci/.gitignore: -------------------------------------------------------------------------------- 1 | /dagger.gen.go 2 | /internal/dagger 3 | /internal/querybuilder 4 | /internal/telemetry 5 | kubeconfig.yaml 6 | -------------------------------------------------------------------------------- /ci/dagger.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "interlink", 3 | "engineVersion": "v0.18.9", 4 | "sdk": { 5 | "source": "go" 6 | }, 7 | "dependencies": [ 8 | { 9 | "name": "k3s", 10 | "source": "github.com/marcosnils/daggerverse/k3s@k3s/v0.1.10", 11 | "pin": "8b07ea65d6d60b79d8e28db965f0a3bb2fa58541" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /ci/go.mod: -------------------------------------------------------------------------------- 1 | module dagger/interlink 2 | 3 | go 1.23.0 4 | 5 | toolchain go1.23.6 6 | 7 | require ( 8 | github.com/99designs/gqlgen v0.17.73 9 | github.com/Khan/genqlient v0.8.1 10 | github.com/vektah/gqlparser/v2 v2.5.27 11 | go.opentelemetry.io/otel v1.34.0 12 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 13 | go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 14 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 15 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 16 | go.opentelemetry.io/otel/log v0.8.0 17 | go.opentelemetry.io/otel/sdk v1.34.0 18 | go.opentelemetry.io/otel/sdk/log v0.8.0 19 | go.opentelemetry.io/otel/trace v1.34.0 20 | go.opentelemetry.io/proto/otlp v1.3.1 21 | golang.org/x/sync v0.14.0 22 | google.golang.org/grpc v1.72.1 23 | ) 24 | 25 | require ( 26 | github.com/cenkalti/backoff/v4 v4.3.0 // indirect 27 | github.com/go-logr/logr v1.4.2 // indirect 28 | github.com/go-logr/stdr v1.2.2 // indirect 29 | github.com/google/uuid v1.6.0 // indirect 30 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect 31 | github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect 32 | github.com/sosodev/duration v1.3.1 // indirect 33 | go.opentelemetry.io/auto/sdk v1.1.0 // indirect 34 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 35 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 36 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect 37 | go.opentelemetry.io/otel/metric v1.34.0 38 | go.opentelemetry.io/otel/sdk/metric v1.34.0 39 | golang.org/x/net v0.40.0 // indirect 40 | golang.org/x/sys v0.33.0 // indirect 41 | golang.org/x/text v0.25.0 // indirect 42 | google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect 43 | google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect 44 | google.golang.org/protobuf v1.36.6 // indirect 45 | ) 46 | 47 | replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 48 | 49 | replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 50 | 51 | replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.8.0 52 | 53 | replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.8.0 54 | -------------------------------------------------------------------------------- /ci/manifests/interlink-config-local.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: ConfigMap 3 | # metadata: 4 | # name: "interlink-config" 5 | # namespace: interlink 6 | # data: 7 | # InterLinkConfig.yaml: | 8 | #InterlinkAddress: "unix:///var/run/interlink.socket" 9 | InterlinkAddress: "http://0.0.0.0" 10 | InterlinkPort: "3000" 11 | #sidecarURL: "http://plugin" 12 | SidecarURL: "http://0.0.0.0" 13 | SidecarPort: "4000" 14 | VerboseLogging: true 15 | ErrorsOnlyLogging: false 16 | DataRootFolder: "~/.interlink" 17 | -------------------------------------------------------------------------------- /ci/manifests/interlink-config.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: ConfigMap 3 | # metadata: 4 | # name: "interlink-config" 5 | # namespace: interlink 6 | # data: 7 | # InterLinkConfig.yaml: | 8 | #InterlinkAddress: "unix:///var/run/interlink.socket" 9 | InterlinkAddress: "http://0.0.0.0" 10 | InterlinkPort: "3000" 11 | SidecarURL: "http://plugin" 12 | #sidecarURL: "http://0.0.0.0" 13 | SidecarPort: "4000" 14 | VerboseLogging: true 15 | ErrorsOnlyLogging: false 16 | DataRootFolder: "~/.interlink" 17 | -------------------------------------------------------------------------------- /ci/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - virtual-kubelet-config.yaml 3 | - virtual-kubelet.yaml 4 | #- interlink-config.yaml 5 | #- interlink.yaml 6 | #- plugin-k8s-config.yaml 7 | #- plugin.yaml 8 | patches: 9 | - path: virtual-kubelet-merge.yaml 10 | target: 11 | kind: Deployment 12 | labelSelector: nodeName=virtual-kubelet 13 | 14 | -------------------------------------------------------------------------------- /ci/manifests/plugin-config.yaml: -------------------------------------------------------------------------------- 1 | InterlinkURL: "http://interlink" 2 | InterlinkPort: "3000" 3 | SidecarURL: "http://0.0.0.0" 4 | SidecarPort: "4000" 5 | VerboseLogging: true 6 | ErrorsOnlyLogging: false 7 | # NEEDED PATH FOR GITHUB ACTIONS 8 | #DataRootFolder: "/home/runner/work/interLink/interLink/.interlink/" 9 | # on your host use something like: 10 | DataRootFolder: "/home/ubuntu/.interlink/" 11 | ExportPodData: true 12 | SbatchPath: "/usr/bin/sbatch" 13 | ScancelPath: "/usr/bin/scancel" 14 | SqueuePath: "/usr/bin/squeue" 15 | CommandPrefix: "" 16 | SingularityPrefix: "" 17 | Namespace: "vk" 18 | Tsocks: false 19 | TsocksPath: "$WORK/tsocks-1.8beta5+ds1/libtsocks.so" 20 | TsocksLoginNode: "login01" 21 | BashPath: /bin/bash 22 | -------------------------------------------------------------------------------- /ci/manifests/plugin-k8s-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "plugin-config" 5 | namespace: interlink 6 | data: 7 | InterLinkConfig.yaml: | 8 | InterlinkURL: "http://localhost" 9 | InterlinkPort: "3000" 10 | SidecarURL: "http://0.0.0.0" 11 | SidecarPort: "4000" 12 | VerboseLogging: true 13 | ErrorsOnlyLogging: false 14 | ExportPodData: true 15 | DataRootFolder: "/home/runner/work/interLink/interLink/.interlink/" 16 | SbatchPath: "/usr/bin/sbatch" 17 | ScancelPath: "/usr/bin/scancel" 18 | SqueuePath: "/usr/bin/squeue" 19 | CommandPrefix: "" 20 | SingularityPrefix: "" 21 | Namespace: "vk" 22 | Tsocks: false 23 | TsocksPath: "$WORK/tsocks-1.8beta5+ds1/libtsocks.so" 24 | TsocksLoginNode: "login01" 25 | BashPath: /bin/bash 26 | -------------------------------------------------------------------------------- /ci/manifests/plugin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: plugin 5 | namespace: interlink 6 | spec: 7 | selector: 8 | app: plugin 9 | ports: 10 | - protocol: TCP 11 | port: 4000 12 | targetPort: 4000 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: plugin 18 | namespace: interlink 19 | labels: 20 | app: plugin 21 | spec: 22 | replicas: 1 23 | selector: 24 | matchLabels: 25 | app: plugin 26 | template: 27 | metadata: 28 | labels: 29 | app: plugin 30 | spec: 31 | containers: 32 | - name: plugin 33 | image: "dciangot/docker-plugin:v1" 34 | #image: "ghcr.io/interlink-hq/interlink-sidecar-slurm/interlink-sidecar-slurm:0.2.3" 35 | imagePullPolicy: Always 36 | command: 37 | - bash 38 | - -c 39 | args: 40 | - dockerd --mtu 1450 & /sidecar/docker-sidecar 41 | securityContext: 42 | privileged: true 43 | env: 44 | - name: INTERLINKCONFIGPATH 45 | value: "/etc/interlink/InterLinkConfig.yaml" 46 | volumeMounts: 47 | - name: config 48 | mountPath: /etc/interlink/InterLinkConfig.yaml 49 | subPath: InterLinkConfig.yaml 50 | volumes: 51 | - name: config 52 | configMap: 53 | # Provide the name of the ConfigMap you want to mount. 54 | name: plugin-config 55 | -------------------------------------------------------------------------------- /ci/manifests/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: virtual-kubelet 5 | namespace: interlink 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRole 9 | metadata: 10 | name: virtual-kubelet 11 | namespace: interlink 12 | rules: 13 | - apiGroups: 14 | - "coordination.k8s.io" 15 | resources: 16 | - leases 17 | verbs: 18 | - update 19 | - create 20 | - get 21 | - list 22 | - watch 23 | - patch 24 | - apiGroups: 25 | - "" 26 | resources: 27 | - configmaps 28 | - secrets 29 | - services 30 | - serviceaccounts 31 | - namespaces 32 | verbs: 33 | - get 34 | - list 35 | - watch 36 | # For https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/ 37 | - apiGroups: [""] 38 | resources: ["serviceaccounts/token"] 39 | verbs: 40 | - create 41 | - get 42 | - list 43 | - apiGroups: 44 | - "" 45 | resources: 46 | - pods 47 | verbs: 48 | - delete 49 | - get 50 | - list 51 | - watch 52 | - patch 53 | - apiGroups: 54 | - "" 55 | resources: 56 | - nodes 57 | verbs: 58 | - create 59 | - get 60 | - apiGroups: 61 | - "" 62 | resources: 63 | - nodes/status 64 | verbs: 65 | - update 66 | - patch 67 | - apiGroups: 68 | - "" 69 | resources: 70 | - pods/status 71 | verbs: 72 | - update 73 | - patch 74 | - apiGroups: 75 | - "" 76 | resources: 77 | - events 78 | verbs: 79 | - create 80 | - patch 81 | --- 82 | apiVersion: rbac.authorization.k8s.io/v1 83 | kind: ClusterRoleBinding 84 | metadata: 85 | name: virtual-kubelet 86 | namespace: interlink 87 | subjects: 88 | - kind: ServiceAccount 89 | name: virtual-kubelet 90 | namespace: interlink 91 | roleRef: 92 | apiGroup: rbac.authorization.k8s.io 93 | kind: ClusterRole 94 | name: virtual-kubelet 95 | 96 | -------------------------------------------------------------------------------- /ci/manifests/virtual-kubelet-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "virtual-kubelet-config" 5 | namespace: interlink 6 | data: 7 | InterLinkConfig.yaml: | 8 | #InterlinkURL: unix:///var/run/interlink.socket 9 | InterlinkURL: "http://interlink" 10 | InterlinkPort: "3000" 11 | VerboseLogging: true 12 | ErrorsOnlyLogging: false 13 | ServiceAccount: "virtual-kubelet" 14 | Namespace: interlink 15 | VKTokenFile: "" 16 | Resources: 17 | CPU: "100" 18 | Memory: "128Gi" 19 | Pods: "100" 20 | HTTP: 21 | Insecure: true 22 | KubeletHTTP: 23 | Insecure: true 24 | 25 | -------------------------------------------------------------------------------- /ci/manifests/virtual-kubelet-local.yaml: -------------------------------------------------------------------------------- 1 | InterlinkURL: "http://0.0.0.0" 2 | InterlinkPort: "3000" 3 | VerboseLogging: true 4 | ErrorsOnlyLogging: false 5 | ServiceAccount: "virtual-kubelet" 6 | Namespace: interlink 7 | VKTokenFile: "" 8 | Resources: 9 | CPU: "100" 10 | Memory: "128Gi" 11 | Pods: "100" 12 | HTTP: 13 | Insecure: true 14 | KubeletHTTP: 15 | Insecure: true 16 | 17 | -------------------------------------------------------------------------------- /ci/manifests/virtual-kubelet.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: virtual-kubelet 5 | namespace: interlink 6 | labels: 7 | nodeName: virtual-kubelet 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | nodeName: virtual-kubelet 13 | template: 14 | metadata: 15 | labels: 16 | nodeName: virtual-kubelet 17 | spec: 18 | hostNetwork: true 19 | automountServiceAccountToken: true 20 | serviceAccountName: virtual-kubelet 21 | containers: 22 | # - name: interlink 23 | # image: "ghcr.io/interlink-hq/interlink/interlink" 24 | # imagePullPolicy: Always 25 | # env: 26 | # - name: INTERLINKCONFIGPATH 27 | # value: "/etc/interlink/InterLinkConfig.yaml" 28 | # volumeMounts: 29 | # - name: il-config 30 | # mountPath: /etc/interlink/InterLinkConfig.yaml 31 | # subPath: InterLinkConfig.yaml 32 | # - name: sockets 33 | # mountPath: /var/run/ 34 | - name: inttw-vk 35 | image: "ghcr.io/interlink-hq/interlink/virtual-kubelet-inttw" 36 | imagePullPolicy: Always 37 | env: 38 | - name: NODENAME 39 | value: virtual-kubelet 40 | - name: KUBELET_PORT 41 | value: "10251" 42 | - name: POD_IP 43 | valueFrom: 44 | fieldRef: 45 | fieldPath: status.podIP 46 | - name: CONFIGPATH 47 | value: "/etc/interlink/InterLinkConfig.yaml" 48 | volumeMounts: 49 | - name: config 50 | mountPath: /etc/interlink/InterLinkConfig.yaml 51 | subPath: InterLinkConfig.yaml 52 | # - name: sockets 53 | # mountPath: /var/run/ 54 | volumes: 55 | - name: config 56 | configMap: 57 | # Provide the name of the ConfigMap you want to mount. 58 | name: virtual-kubelet-config 59 | - name: sockets 60 | hostPath: 61 | path: /var/run 62 | type: Directory 63 | # - name: il-config 64 | # configMap: 65 | # # Provide the name of the ConfigMap you want to mount. 66 | # name: interlink-config 67 | # - name: sockets 68 | # emptyDir: {} 69 | -------------------------------------------------------------------------------- /ci/manifests/vktest_config.yaml: -------------------------------------------------------------------------------- 1 | target_nodes: 2 | - virtual-kubelet 3 | 4 | required_namespaces: 5 | - default 6 | - kube-system 7 | - interlink 8 | 9 | timeout_multiplier: 10. 10 | values: 11 | namespace: interlink 12 | 13 | annotations: 14 | slurm-job.vk.io/flags: "--job-name=test-pod-cfg -t 2800" 15 | slurm-job.vk.io/image-root: "docker://" 16 | 17 | tolerations: 18 | - key: virtual-node.interlink/no-schedule 19 | operator: Exists 20 | effect: NoSchedule 21 | 22 | -------------------------------------------------------------------------------- /cmd/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/cmd/.DS_Store -------------------------------------------------------------------------------- /cmd/installer/README.md: -------------------------------------------------------------------------------- 1 | # interLink Installer 2 | 3 | The interLink installer is a command-line tool that simplifies the deployment of 4 | interLink components across different environments. It automates the generation 5 | of configuration files, deployment manifests, and installation scripts needed to 6 | set up interLink in various deployment scenarios. 7 | 8 | ## Overview 9 | 10 | The interLink installer: 11 | 12 | - Generates configuration files for interLink deployment 13 | - Handles OAuth authentication setup 14 | - Creates Helm chart values for Kubernetes deployment 15 | - Generates installation scripts for remote interLink APIs 16 | - Supports different deployment scenarios (Edge-node, In-cluster, Tunneled) 17 | 18 | ## Installation 19 | 20 | The installer is built as part of the interLink project. To build it: 21 | 22 | ```bash 23 | # From the root of the interLink repository 24 | go build -o interlink-installer ./cmd/installer 25 | ``` 26 | 27 | ## Usage 28 | 29 | ### Initialize a Configuration 30 | 31 | Create a default configuration file with placeholder values: 32 | 33 | ```bash 34 | ./interlink-installer --init --config /path/to/config.yaml 35 | ``` 36 | 37 | This creates a configuration file with default values that you must edit to 38 | match your environment. 39 | 40 | > It `--config` is not given, default location is `$HOME/.interlink.yaml 41 | 42 | ### Generate Deployment Manifests 43 | 44 | After editing the configuration file, generate the deployment manifests: 45 | 46 | ```bash 47 | ./interlink-installer --config /path/to/config.yaml --output-dir /path/to/output 48 | ``` 49 | 50 | This will: 51 | 52 | 1. Read the configuration file 53 | 2. Handle OAuth authentication if needed 54 | 3. Generate Helm chart values at `/path/to/output/values.yaml` 55 | 4. Generate an installation script at `/path/to/output/interlink-remote.sh` 56 | 57 | ### Deploy interLink 58 | 59 | After generating the manifests: 60 | 61 | 1. Deploy to Kubernetes: 62 | 63 | ```bash 64 | helm --debug upgrade --install --create-namespace -n \ 65 | oci://ghcr.io/interlink-hq/interlink-helm-chart/interlink \ 66 | --values /path/to/output/values.yaml 67 | ``` 68 | 69 | 2. Install on the remote server: 70 | 71 | ```bash 72 | # Copy the script to the remote server 73 | scp /path/to/output/interlink-remote.sh user@remote-server:~/ 74 | 75 | # On the remote server 76 | chmod +x interlink-remote.sh 77 | ./interlink-remote.sh install 78 | ./interlink-remote.sh start 79 | ``` 80 | 81 | ## Command-Line Flags 82 | 83 | | Flag | Default | Description | 84 | | -------------- | ---------------------------- | ------------------------------------------------------- | 85 | | `--config` | `$HOME/.interlink.yaml` | Path to the configuration file | 86 | | `--output-dir` | `$HOME/.interlink/manifests` | Directory where deployment manifests will be stored | 87 | | `--init` | `false` | Initialize a new configuration file with default values | 88 | 89 | ## Configuration File 90 | 91 | The configuration file is in YAML format and contains the following sections: 92 | 93 | ### Virtual Kubelet Configuration 94 | 95 | ```yaml 96 | kubelet_node_name: my-vk-node 97 | kubernetes_namespace: interlink 98 | node_limits: 99 | cpu: "10" 100 | memory: "256" 101 | pods: "10" 102 | ``` 103 | 104 | ### interLink API Configuration 105 | 106 | ```yaml 107 | interlink_ip: PUBLIC_IP_HERE 108 | interlink_port: 8443 109 | interlink_version: 0.3.3 110 | insecure_http: true 111 | ``` 112 | 113 | ### OAuth Configuration 114 | 115 | ```yaml 116 | oauth: 117 | provider: oidc # or github 118 | grant_type: authorization_code # or client_credentials 119 | client_id: OIDC_CLIENT_ID_HERE 120 | client_secret: OIDC_CLIENT_SECRET_HERE 121 | scopes: 122 | - openid 123 | - email 124 | - offline_access 125 | - profile 126 | token_url: https://my_oidc_idp.com/token 127 | device_code_url: https://my_oidc_idp/auth/device 128 | issuer: https://my_oidc_idp.com/ 129 | audience: OIDC_AUDIENCE_HERE # Required for OIDC providers 130 | # For GitHub provider 131 | # github_user: username 132 | ``` 133 | 134 | ## Deployment Scenarios 135 | 136 | The installer supports all three deployment scenarios described in the interLink 137 | documentation: 138 | 139 | 1. **Edge-node**: Deploy interLink API and plugin on a dedicated edge node 140 | 2. **In-cluster**: Deploy all components inside the Kubernetes cluster 141 | 3. **Tunneled**: Deploy interLink API in the cluster and plugin remotely with a 142 | secure tunnel 143 | 144 | _The specific scenario is determined by how you configure the interLink IP and 145 | port in the configuration file and where you run the installation script._ 146 | 147 | ## Template Files 148 | 149 | The installer includes several embedded template files: 150 | 151 | - `values.yaml`: Helm chart values for Kubernetes deployment 152 | - `interlink-install.sh`: Installation script for remote interLink APIs 153 | - `interlink.service`: SystemD service file for interLink 154 | - `oauth2-proxy.service`: SystemD service file for OAuth2 proxy 155 | 156 | These templates are processed with the configuration data to generate the final 157 | deployment files. 158 | -------------------------------------------------------------------------------- /cmd/installer/templates/interlink.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This Unit is needed to automatically start the Interlink API at system startup 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=root 8 | WorkingDirectory=/etc/interlink/bin 9 | ExecStart=/etc/interlink/bin/interlink 10 | EnvironmentFile=/etc/interlink/.envs 11 | 12 | [Install] 13 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /cmd/installer/templates/oauth2-proxy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This Unit is needed to automatically start the Oauth2 proxy at system startup 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=root 8 | WorkingDirectory=/etc/interlink/bin 9 | ExecStart=/etc/interlink/bin/oauth2-proxy 10 | EnvironmentFile=/etc/interlink/.envs_oauth 11 | 12 | [Install] 13 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /cmd/installer/templates/values.yaml: -------------------------------------------------------------------------------- 1 | nodeName: {{.VKName}} 2 | 3 | interlink: 4 | 5 | address: https://{{.InterLinkIP}} 6 | port: {{.InterLinkPort}} 7 | disableProjectedVolumes: true 8 | 9 | virtualNode: 10 | resources: 11 | CPUs: {{.VKLimits.CPU}} 12 | memGiB: {{.VKLimits.Memory}} 13 | pods: {{.VKLimits.Pods}} 14 | HTTPProxies: 15 | HTTP: null 16 | HTTPs: null 17 | HTTP: 18 | CACert: {{ .CACert }} 19 | Insecure: {{.HTTPInsecure}} 20 | # uncomment to enable custom nodeSelector and nodeTaints 21 | #nodeLabels: 22 | # - "accelerator=a100" 23 | #nodeTaints: 24 | # - key: "accelerator" 25 | # value: "a100" 26 | # effect: "NoSchedule" 27 | 28 | OAUTH: 29 | enabled: true 30 | TokenURL: {{.OAUTH.TokenURL}} 31 | ClientID: {{.OAUTH.ClientID}} 32 | ClientSecret: {{.OAUTH.ClientSecret}} 33 | RefreshToken: {{.OAUTH.RefreshToken}} 34 | GrantType: {{.OAUTH.GrantType}} 35 | Audience: {{.OAUTH.Audience}} 36 | -------------------------------------------------------------------------------- /cmd/openapi-gen/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | "log" 7 | "net/http" 8 | "os" 9 | 10 | "github.com/interlink-hq/interlink/pkg/interlink" 11 | "github.com/swaggest/openapi-go" 12 | "github.com/swaggest/openapi-go/openapi3" 13 | corev1 "k8s.io/api/core/v1" 14 | ) 15 | 16 | func main() { 17 | version := flag.String("version", "0.4.0", "generate API spec for this version") 18 | flag.Parse() 19 | 20 | reflector := openapi3.Reflector{} 21 | reflector.Spec = &openapi3.Spec{Openapi: "3.0.3"} 22 | reflector.Spec.Info. 23 | WithTitle("interLink server API"). 24 | WithVersion(*version). 25 | WithDescription("This is the API spec for the Virtual Kubelet to interLink API server communication") 26 | 27 | createOp, err := reflector.NewOperationContext(http.MethodPost, "/create") 28 | if err != nil { 29 | panic(err) 30 | } 31 | 32 | // CREATE 33 | createOp.AddReqStructure(new(interlink.PodCreateRequests)) 34 | createOp.AddRespStructure(new(interlink.RetrievedPodData), func(cu *openapi.ContentUnit) { cu.HTTPStatus = http.StatusOK }) 35 | 36 | err = reflector.AddOperation(createOp) 37 | if err != nil { 38 | panic(err) 39 | } 40 | 41 | // DELETE 42 | deleteOp, err := reflector.NewOperationContext(http.MethodPost, "/delete") 43 | if err != nil { 44 | panic(err) 45 | } 46 | 47 | deleteOp.AddReqStructure(new(corev1.Pod)) 48 | deleteOp.AddRespStructure(nil, func(cu *openapi.ContentUnit) { cu.HTTPStatus = http.StatusOK }) 49 | 50 | err = reflector.AddOperation(deleteOp) 51 | if err != nil { 52 | panic(err) 53 | } 54 | 55 | // Ping 56 | pingOp, err := reflector.NewOperationContext(http.MethodPost, "/pinglink") 57 | if err != nil { 58 | panic(err) 59 | } 60 | 61 | pingOp.AddReqStructure(nil) 62 | pingOp.AddRespStructure(nil, func(cu *openapi.ContentUnit) { cu.HTTPStatus = http.StatusOK }) 63 | 64 | err = reflector.AddOperation(pingOp) 65 | if err != nil { 66 | panic(err) 67 | } 68 | 69 | // Status 70 | statusOp, err := reflector.NewOperationContext(http.MethodPost, "/status") 71 | if err != nil { 72 | panic(err) 73 | } 74 | 75 | statusOp.AddReqStructure(new([]corev1.Pod)) 76 | statusOp.AddRespStructure(new([]interlink.PodStatus), func(cu *openapi.ContentUnit) { cu.HTTPStatus = http.StatusOK }) 77 | 78 | err = reflector.AddOperation(statusOp) 79 | if err != nil { 80 | panic(err) 81 | } 82 | 83 | // Logs 84 | logsOp, err := reflector.NewOperationContext(http.MethodPost, "/getLogs") 85 | if err != nil { 86 | panic(err) 87 | } 88 | 89 | logsOp.AddReqStructure(new(interlink.LogStruct)) 90 | logsOp.AddRespStructure(new(string), func(cu *openapi.ContentUnit) { cu.HTTPStatus = http.StatusOK }) 91 | 92 | err = reflector.AddOperation(logsOp) 93 | if err != nil { 94 | panic(err) 95 | } 96 | 97 | schema, err := reflector.Spec.MarshalJSON() 98 | if err != nil { 99 | log.Fatal(err) 100 | } 101 | fmt.Println(string(schema)) 102 | 103 | // Write the JSON data to the file 104 | file, err := os.Create("./docs/openapi/interlink-openapi.json") 105 | if err != nil { 106 | panic(err) 107 | } 108 | defer file.Close() 109 | 110 | _, err = file.Write(schema) 111 | if err != nil { 112 | panic(err) 113 | } 114 | 115 | fmt.Println("Successfully wrote to ./docs/openapi/interlink-openapi.json") 116 | } 117 | -------------------------------------------------------------------------------- /cmd/ssh-tunnel/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/base64" 5 | "flag" 6 | "fmt" 7 | "io" 8 | "log" 9 | "net" 10 | "os" 11 | 12 | "golang.org/x/crypto/ssh" 13 | ) 14 | 15 | func runTunnel(local, remote net.Conn) { 16 | defer local.Close() 17 | defer remote.Close() 18 | done := make(chan struct{}, 2) 19 | 20 | go func() { 21 | _, err := io.Copy(local, remote) 22 | if err != nil { 23 | log.Fatal(err) 24 | return 25 | } 26 | done <- struct{}{} 27 | }() 28 | 29 | go func() { 30 | _, err := io.Copy(remote, local) 31 | if err != nil { 32 | log.Fatal(err) 33 | return 34 | } 35 | done <- struct{}{} 36 | }() 37 | 38 | <-done 39 | } 40 | 41 | // https://stackoverflow.com/questions/44269142/golang-ssh-getting-must-specify-hoskeycallback-error-despite-setting-it-to-n 42 | // create human-readable SSH-key strings 43 | func keyString(k ssh.PublicKey) string { 44 | return k.Type() + " " + base64.StdEncoding.EncodeToString(k.Marshal()) // e.g. "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY...." 45 | } 46 | 47 | func trustedHostKeyCallback(trustedKey ssh.PublicKey) ssh.HostKeyCallback { 48 | 49 | if trustedKey == nil { 50 | return func(_ string, _ net.Addr, k ssh.PublicKey) error { 51 | log.Printf("WARNING: SSH-key verification is *NOT* in effect: to fix, add this trustedKey: %q", keyString(k)) 52 | return nil 53 | } 54 | } 55 | 56 | return ssh.FixedHostKey(trustedKey) 57 | } 58 | 59 | func main() { 60 | addr := flag.String("addr", "", "ssh server address to dial as :") 61 | username := flag.String("user", "", "username for ssh") 62 | keyFile := flag.String("keyfile", "", "file with private key for SSH authentication") 63 | remotePort := flag.String("rport", "", "remote port for tunnel") 64 | localSocket := flag.String("lsock", "", "local socket for tunnel") 65 | hostkeyFile := flag.String("hostkeyfile", "", "file with public key for SSH host check") 66 | flag.Parse() 67 | 68 | var hostKeyCallback ssh.HostKeyCallback 69 | 70 | if *hostkeyFile == "" { 71 | log.Print("No hostkey passed, proceeding with insecure hostkey callback mode") 72 | hostKeyCallback = ssh.HostKeyCallback( 73 | func(_ string, _ net.Addr, _ ssh.PublicKey) error { 74 | return nil 75 | }) 76 | } else { 77 | pubkey, err := os.ReadFile(*hostkeyFile) 78 | if err != nil { 79 | log.Fatalf("unable to hostkeyFile: %v", err) 80 | } 81 | hostkey, err := ssh.ParsePublicKey(pubkey) 82 | if err != nil { 83 | log.Fatalf("unable to parse private key: %v", err) 84 | } 85 | 86 | hostKeyCallback = trustedHostKeyCallback(hostkey) 87 | } 88 | 89 | key, err := os.ReadFile(*keyFile) 90 | if err != nil { 91 | log.Fatalf("unable to read private key: %v", err) 92 | } 93 | signer, err := ssh.ParsePrivateKey(key) 94 | if err != nil { 95 | log.Fatalf("unable to parse private key: %v", err) 96 | } 97 | // An SSH client is represented with a ClientConn. 98 | // 99 | // To authenticate with the remote server you must pass at least one 100 | // implementation of AuthMethod via the Auth field in ClientConfig, 101 | // and provide a HostKeyCallback. 102 | config := &ssh.ClientConfig{ 103 | User: *username, 104 | Auth: []ssh.AuthMethod{ 105 | ssh.PublicKeys(signer), 106 | }, 107 | HostKeyCallback: hostKeyCallback, 108 | } 109 | 110 | client, err := ssh.Dial("tcp", *addr, config) 111 | if err != nil { 112 | log.Panicf("Failed to dial: %v", err) 113 | } 114 | defer client.Close() 115 | 116 | listener, err := client.Listen("tcp", "localhost:"+*remotePort) 117 | if err != nil { 118 | client.Close() 119 | log.Panicf("Failed to listen on remote socket %s: %v", *remotePort, err) 120 | } 121 | defer listener.Close() 122 | 123 | log.Printf("Listening on remote socket %s", *remotePort) 124 | for { 125 | remote, err := listener.Accept() 126 | if err != nil { 127 | log.Printf("Failed to accept connection on remote socket %s: %v", *remotePort, err) 128 | continue 129 | } 130 | log.Printf("Accepted connection on remote socket %s", *remotePort) 131 | go func() { 132 | local, err := net.Dial("unix", *localSocket) 133 | if err != nil { 134 | log.Printf("Failed to dial local socket %s: %v", *localSocket, err) 135 | remote.Close() 136 | return 137 | } 138 | log.Printf("Connected to local socket %s", *localSocket) 139 | fmt.Println("tunnel established with", local.LocalAddr()) 140 | runTunnel(local, remote) 141 | }() 142 | } 143 | } 144 | -------------------------------------------------------------------------------- /cmd/virtual-kubelet/set-version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -n ${KUBELET_VERSION} ]; then 4 | cat << EOF > pkg/virtualkubelet/version.go 5 | package virtualkubelet 6 | 7 | var ( 8 | KubeletVersion = "$KUBELET_VERSION" 9 | ) 10 | EOF 11 | fi 12 | -------------------------------------------------------------------------------- /docker/Dockerfile.interlink: -------------------------------------------------------------------------------- 1 | FROM golang:1.24 as build-stage 2 | 3 | WORKDIR /app 4 | 5 | COPY .. . 6 | 7 | ENV GOMODCACHE="/go/pkg/mod" 8 | 9 | ENV GOCACHE="/go/build-cache" 10 | 11 | RUN mkdir -p $GOMODCACHE && mkdir -p $GOCACHE 12 | 13 | ARG VERSION 14 | RUN bash -c "KUBELET_VERSION=${VERSION} ./cmd/virtual-kubelet/set-version.sh" 15 | 16 | RUN --mount=type=cache,target=/go/pkg/mod bash -c "time go mod tidy" 17 | RUN --mount=type=cache,target=/go/build-cache bash -c "time CGO_ENABLED=0 GOOS=linux go build -o bin/interlink cmd/interlink/main.go cmd/interlink/cri.go" 18 | 19 | # Deploy the application binary into a lean image 20 | FROM gcr.io/distroless/base-debian11:latest AS build-release-stage 21 | 22 | WORKDIR / 23 | 24 | COPY --from=build-stage /app/bin/interlink /interlink 25 | 26 | USER nonroot:nonroot 27 | 28 | ENTRYPOINT ["/interlink"] 29 | -------------------------------------------------------------------------------- /docker/Dockerfile.refresh-token: -------------------------------------------------------------------------------- 1 | FROM python:3.10 2 | 3 | RUN pip3 install --no-cache-dir requests==2.31.0 4 | 5 | COPY ../docker/scripts/refresh.py /opt/refresh.py 6 | 7 | ENTRYPOINT ["python3", "/opt/refresh.py"] -------------------------------------------------------------------------------- /docker/Dockerfile.vk: -------------------------------------------------------------------------------- 1 | FROM bitnami/kubectl:1.27.14 as kubectl 2 | 3 | FROM golang:1.24 as build-stage 4 | 5 | WORKDIR /app 6 | 7 | COPY .. . 8 | 9 | ARG VERSION 10 | 11 | ENV GOMODCACHE="/go/pkg/mod" 12 | ENV GOCACHE="/go/build-cache" 13 | 14 | RUN mkdir -p $GOMODCACHE && mkdir -p $GOCACHE 15 | 16 | 17 | RUN bash -c "KUBELET_VERSION=${VERSION} ./cmd/virtual-kubelet/set-version.sh" 18 | RUN --mount=type=cache,target=/go/pkg/mod bash -c "time go mod tidy" 19 | RUN --mount=type=cache,target=/go/build-cache bash -c "time CGO_ENABLED=0 GOOS=linux go build -o bin/vk cmd/virtual-kubelet/main.go" 20 | 21 | # Deploy the application binary into a lean image 22 | FROM ubuntu:22.04 AS build-release-stage 23 | 24 | WORKDIR / 25 | 26 | COPY --from=build-stage /app/bin/vk /vk 27 | 28 | COPY --from=kubectl /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ 29 | 30 | ENTRYPOINT ["/vk"] 31 | -------------------------------------------------------------------------------- /docs/.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "extends": ["plugin:@docusaurus/recommended"] 3 | } 4 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | # Dependencies 2 | /node_modules 3 | 4 | # Production 5 | /build 6 | 7 | # Generated files 8 | .docusaurus 9 | .cache-loader 10 | 11 | # Misc 12 | .DS_Store 13 | .env.local 14 | .env.development.local 15 | .env.test.local 16 | .env.production.local 17 | 18 | npm-debug.log* 19 | yarn-debug.log* 20 | yarn-error.log* 21 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Website 2 | 3 | This website is built using [Docusaurus](https://docusaurus.io/), a modern static website generator. 4 | 5 | ## Dagger module to site preview 6 | 7 | ```bash 8 | dagger -m github.com/levlaz/daggerverse/docusaurus@f073c72e0a7345bba2173a15269307df297c3c13 call \ (⎈|default:default) 9 | --src ./ serve up 10 | ``` 11 | 12 | ### Installation 13 | 14 | ``` 15 | $ yarn 16 | ``` 17 | 18 | ### Local Development 19 | 20 | ``` 21 | $ yarn start --config docusaurus.config.local.ts 22 | ``` 23 | 24 | This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server. 25 | 26 | ### Build 27 | 28 | ``` 29 | $ yarn build 30 | ``` 31 | 32 | This command generates static content into the `build` directory and can be served using any static contents hosting service. 33 | 34 | ### Deployment 35 | 36 | Using SSH: 37 | 38 | ``` 39 | $ USE_SSH=true yarn deploy 40 | ``` 41 | 42 | Not using SSH: 43 | 44 | ``` 45 | $ GIT_USER= yarn deploy 46 | ``` 47 | 48 | If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch. 49 | -------------------------------------------------------------------------------- /docs/babel.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | presets: [require.resolve('@docusaurus/core/lib/babel/preset')], 3 | }; 4 | -------------------------------------------------------------------------------- /docs/docs/Limitations.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 6 3 | --- 4 | 5 | # Current limitations 6 | 7 | It's not black magic, we have to pay something: 8 | 9 | - **Cluster wide shared FS**: there is no support for cluster-wide filesystem 10 | mounting on the remote container. The only volumes supported are: `Secret`, 11 | `ConfigMap`, `EmptyDir` 12 | - **InCluster pod-to-pod network**: we are in the middle of the beta period to 13 | release this feature! 14 | 15 | :::note 16 | 17 | Reach out to us if you are willing to test the network implementation as beta 18 | users! 19 | 20 | ::: 21 | 22 | That's all. If you find anything else, feel free to let it know filing a github 23 | issue. 24 | -------------------------------------------------------------------------------- /docs/docs/arch.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 2 3 | --- 4 | import ThemedImage from '@theme/ThemedImage'; 5 | import useBaseUrl from '@docusaurus/useBaseUrl'; 6 | 7 | # Architecture 8 | 9 | InterLink aims to provide an abstraction for the execution of a Kubernetes pod on any remote resource capable of managing a Container execution lifecycle. 10 | 11 | The project consists of two main components: 12 | 13 | - __A Kubernetes Virtual Node:__ based on the [VirtualKubelet](https://virtual-kubelet.io/) technology. Translating request for a kubernetes pod execution into a remote call to the interLink API server. 14 | - __The interLink API server:__ a modular and pluggable REST server where you can create your own Container manager plugin (called sidecars), or use the existing ones: remote docker execution on a remote host, singularity Container on a remote SLURM batch system. 15 | 16 | The project got inspired by the [KNoC](https://github.com/CARV-ICS-FORTH/knoc) and [Liqo](https://github.com/liqotech/liqo/tree/master) projects, enhancing that with the implemention a generic API layer b/w the virtual kubelet component and the provider logic for the container lifecycle management. 17 | 18 | 25 | -------------------------------------------------------------------------------- /docs/docs/cookbook/2-incluster.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | import Tabs from "@theme/Tabs"; 6 | import TabItem from "@theme/TabItem"; 7 | import ThemedImage from "@theme/ThemedImage"; 8 | import useBaseUrl from "@docusaurus/useBaseUrl"; 9 | 10 | # In-cluster deployment 11 | 12 | Deploy interLink in the local K8S cluster. 13 | 14 | 21 | 22 | ## Install interLink 23 | 24 | ### Deploy Kubernetes components 25 | 26 | The deployment of the Kubernetes components are managed by the official 27 | [HELM chart](https://github.com/interlink-hq/interlink-helm-chart). Depending on 28 | the scenario you selected, there might be additional operations to be done. 29 | 30 | - Create an helm values file: 31 | 32 | ```yaml title="values.yaml" 33 | nodeName: interlink-in-cluster 34 | 35 | interlink: 36 | enabled: true 37 | address: http://localhost 38 | port: 3000 39 | logging: 40 | verboseLogging: true 41 | 42 | plugin: 43 | enabled: true 44 | image: "ghcr.io/interlink-hq/interlink-sidecar-slurm/interlink-sidecar-slurm:0.5.1" 45 | address: "http://localhost" 46 | port: 4000 47 | privileged: true 48 | extraVolumeMounts: 49 | - name: plugin-data 50 | mountPath: /slurm-data 51 | envs: 52 | - name: SLURMCONFIGPATH 53 | value: "/etc/interlink/plugin.yaml" 54 | - name: SHARED_FS 55 | values: "true" 56 | config: | 57 | #Socket: "unix:///var/run/plugin.sock" 58 | ImagePrefix: "docker://" 59 | SidecarPort: 4000 60 | VerboseLogging: true 61 | ErrorsOnlyLogging: false 62 | DataRootFolder: "/slurm-data/" 63 | ExportPodData: true 64 | SbatchPath: "/usr/bin/sbatch" 65 | ScancelPath: "/usr/bin/scancel" 66 | SqueuePath: "/usr/bin/squeue" 67 | CommandPrefix: "" 68 | SingularityPrefix: "" 69 | Namespace: "vk" 70 | Tsocks: false 71 | TsocksPath: "$WORK/tsocks-1.8beta5+ds1/libtsocks.so" 72 | TsocksLoginNode: "login01" 73 | BashPath: /bin/bash 74 | 75 | virtualNode: 76 | resources: 77 | CPUs: 4 78 | memGiB: 16 79 | pods: 50 80 | 81 | extraVolumes: 82 | - name: plugin-data 83 | hostPath: 84 | path: /tmp/test 85 | type: DirectoryOrCreate 86 | ``` 87 | 88 | Eventually deploy the latest release of the official: 89 | 90 | ```bash 91 | export INTERLINK_CHART_VERSION="X.X.X" 92 | helm upgrade --install \ 93 | --create-namespace \ 94 | -n interlink \ 95 | my-node \ 96 | oci://ghcr.io/interlink-hq/interlink-helm-chart/interlink \ 97 | --version $INTERLINK_CHART_VERSION \ 98 | --values values.yaml 99 | ``` 100 | 101 | :::warning 102 | 103 | Remember to pick the 104 | [version of the chart](https://github.com/interlink-hq/interlink-helm-chart/blob/main/interlink/Chart.yaml#L18) 105 | and put it into the `INTERLINK_CHART_VERSION` env var above. 106 | 107 | ::: 108 | 109 | Whenever you see the node ready, you are good to go! 110 | 111 | :::note 112 | 113 | You can find a demo pod to test your setup 114 | [here](../guides/develop-a-plugin#lets-test-is-out). 115 | 116 | ::: 117 | 118 | To start debugging in case of problems we suggest starting from the pod 119 | containers logs! 120 | -------------------------------------------------------------------------------- /docs/docs/cookbook/_category_.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Cookbook", 3 | "position": 3, 4 | "link": { 5 | "type": "generated-index", 6 | "description": "Practical recipes for different deployment scenarios." 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /docs/docs/guides/01-deploy-interlink.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 1 3 | --- 4 | 5 | import ThemedImage from "@theme/ThemedImage"; 6 | import useBaseUrl from "@docusaurus/useBaseUrl"; 7 | 8 | # Deploy your plugin 9 | 10 | ## Attach your favorite plugin or develop one! (remote host) 11 | 12 | [Next chapter](./develop-a-plugin) will show the basics for developing a new 13 | plugin following the interLink openAPI spec. 14 | 15 | In alterative you can start an already supported one. 16 | 17 | ### Remote SLURM job submission 18 | 19 | If you manage a SLURM batch system, and you satisfy the requirements below, you 20 | can offload pod from a kubernetes cluster to your batch system, using interLink 21 | SLURM plugin of course. 22 | 23 | - [github.com/interlink-hq/interlink-slurm-plugin](https://github.com/interlink-hq/interlink-slurm-plugin) 24 | 25 | #### Requirements 26 | 27 | - a SLURM CLI available on the remote host and configured to interact with the 28 | computing cluster 29 | - a sharedFS with all the worker nodes 30 | - an experimental feature is available for cases in which this is not possible 31 | 32 | #### Configuration 33 | 34 | Please refer to either the plugin repository or the 35 | [cookbook](../cookbook/1-edge.mdx) for more information. 36 | 37 | ### Create UNICORE jobs to run on HPC centers 38 | 39 | [UNICORE](https://www.unicore.eu/) (Uniform Interface to Computing Resources) 40 | offers a ready-to-run system including client and server software. UNICORE makes 41 | distributed computing and data resources available in a seamless and secure way 42 | in intranets and the internet. 43 | 44 | - [UNICORE plugin](https://github.com/interlink-hq/interlink-unicore-plugin) 45 | 46 | #### Configuration 47 | 48 | Please refer to either the plugin repository for more information. 49 | 50 | ### Remote docker execution 51 | 52 | You get a VM from you cloud provider, with some GPUs maybe. You can attach it to 53 | your Kubernetes cluster using interLink docker plugin. 54 | 55 | - [Docker plugin repository](https://github.com/interlink-hq/interlink-docker-plugin) 56 | 57 | #### Configuration 58 | 59 | Please refer to either the plugin repository or the 60 | [cookbook](../cookbook/1-edge.mdx) for more information. 61 | 62 | ### Submit pods to HTcondor or ARC batch systems 63 | 64 | - [HTCondor plugin repository](https://github.com/interlink-hq/interlink-htcondor-plugin) 65 | - [ARC plugin repository](https://github.com/interlink-hq/interlink-arc-plugin) 66 | 67 | ### Remote Kubernetes Plugin 68 | 69 | InterLink plugin to extend the capabilities of existing Kubernetes clusters, 70 | enabling them to offload workloads to another remote cluster. The plugin 71 | supports the offloading of PODs that expose HTTP endpoints (i.e., HTTP 72 | Microservices). 73 | 74 | - [Interlink Kubernetes Plugin](https://baltig.infn.it/mgattari/interlink-kubernetes-plugin) 75 | 76 | #### Configuration 77 | 78 | Please refer to either the plugin repository or the 79 | [cookbook](../cookbook/1-edge.mdx) for more information. 80 | 81 | ## Test your setup 82 | 83 | Please find a demo pod to test your setup 84 | [here](./develop-a-plugin#lets-test-is-out). 85 | -------------------------------------------------------------------------------- /docs/docs/guides/03-api-reference.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | # OpenAPI references 6 | 7 | ## Plugin API spec 8 | 9 | Please find the sidecar OpenAPI JSON spec can be found [here](/plugin-openapi). 10 | 11 | import ApiDocMdx from "@theme/ApiDocMdx"; 12 | 13 | 14 | 15 | ## interLink API spec 16 | 17 | Please find the interLink OpenAPI JSON spec can be found 18 | [here](/interlink-openapi). 19 | 20 | 21 | -------------------------------------------------------------------------------- /docs/docs/guides/_category_.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Admin guides", 3 | "position": 4, 4 | "link": { 5 | "type": "generated-index", 6 | "description": "Learn how to deploy and adapt interLink plugins for your use case." 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /docs/docs/guides/img/dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/dashboard.png -------------------------------------------------------------------------------- /docs/docs/guides/img/docsVersionDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/docsVersionDropdown.png -------------------------------------------------------------------------------- /docs/docs/guides/img/iam-client0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/iam-client0.png -------------------------------------------------------------------------------- /docs/docs/guides/img/iam-client1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/iam-client1.png -------------------------------------------------------------------------------- /docs/docs/guides/img/iam-client2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/iam-client2.png -------------------------------------------------------------------------------- /docs/docs/guides/img/localeDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/localeDropdown.png -------------------------------------------------------------------------------- /docs/docs/guides/img/vk_tracing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/docs/guides/img/vk_tracing.png -------------------------------------------------------------------------------- /docs/docusaurus.config.local.ts: -------------------------------------------------------------------------------- 1 | import {themes as prismThemes} from 'prism-react-renderer'; 2 | import type {Config} from '@docusaurus/types'; 3 | import type * as Preset from '@docusaurus/preset-classic'; 4 | import type * as Redocusaurus from 'redocusaurus'; 5 | 6 | const config: Config = { 7 | title: 'interLink', 8 | tagline: 'Your Virtual Kubelet ecosystem!', 9 | favicon: 'img/favicon.ico', 10 | 11 | // Set the production url of your site here 12 | url: 'https://interlink-hq.github.io', 13 | // Set the // pathname under which your site is served 14 | // For GitHub pages deployment, it is often '//' 15 | baseUrl: '/', 16 | 17 | // GitHub pages deployment config. 18 | // If you aren't using GitHub pages, you don't need these. 19 | organizationName: 'INFN', // Usually your GitHub org/user name. 20 | projectName: 'interLink', // Usually your repo name. 21 | 22 | onBrokenLinks: 'throw', 23 | onBrokenMarkdownLinks: 'warn', 24 | 25 | // Even if you don't use internationalization, you can use this field to set 26 | // useful metadata like html lang. For example, if your site is Chinese, you 27 | // may want to replace "en" with "zh-Hans". 28 | i18n: { 29 | defaultLocale: 'en', 30 | locales: ['en'], 31 | }, 32 | 33 | presets: [ 34 | [ 35 | 'classic', 36 | { 37 | docs: { 38 | sidebarPath: './sidebars.ts', 39 | // Please change this to your repo. 40 | // Remove this to remove the "edit this page" links. 41 | editUrl: 42 | 'https://github.com/interlink-hq/interLink', 43 | }, 44 | blog: false, 45 | theme: { 46 | customCss: './src/css/custom.css', 47 | }, 48 | } satisfies Preset.Options, 49 | ], 50 | [ 51 | 'redocusaurus', 52 | { 53 | // Plugin Options for loading OpenAPI files 54 | specs: [ 55 | // Pass it a path to a local OpenAPI YAML file 56 | { 57 | // Redocusaurus will automatically bundle your spec into a single file during the build 58 | id: 'plugin-api', 59 | spec: 'openapi/plugin-openapi.json', 60 | route: '/plugin-openapi/', 61 | }, 62 | { 63 | // Redocusaurus will automatically bundle your spec into a single file during the build 64 | id: 'interlink-api', 65 | spec: 'openapi/interlink-openapi.json', 66 | route: '/interlink-openapi/', 67 | }, 68 | ], 69 | // Theme Options for modifying how redoc renders them 70 | theme: { 71 | // Change with your site colors 72 | primaryColor: '#1890ff', 73 | }, 74 | }, 75 | ], 76 | 77 | ], 78 | 79 | themeConfig: { 80 | announcementBar: { 81 | id: 'support_us', 82 | content: 83 | 'We are onboarding for our contribution to CNCF Sandbox! Please let us know for any broken or missing information as we move to the new home.', 84 | backgroundColor: '#fafbfc', 85 | textColor: '#091E42', 86 | isCloseable: false, 87 | }, 88 | // Replace with your project's social card 89 | image: 'img/img/interlink_logo.png', 90 | navbar: { 91 | title: 'Home', 92 | logo: { 93 | alt: 'interLink Logo', 94 | src: 'img/interlink_logo.png', 95 | }, 96 | items: [ 97 | { 98 | type: 'docsVersionDropdown', 99 | position: 'left', 100 | dropdownItemsAfter: [{to: '/versions', label: 'All versions'}], 101 | dropdownActiveClassDisabled: true, 102 | }, 103 | { 104 | type: 'docSidebar', 105 | sidebarId: 'tutorialSidebar', 106 | position: 'left', 107 | label: 'Docs', 108 | }, 109 | { 110 | href: 'https://github.com/interlink-hq/interLink', 111 | label: 'GitHub', 112 | position: 'right', 113 | }, 114 | ], 115 | }, 116 | footer: { 117 | style: 'dark', 118 | links: [ 119 | { 120 | title: 'Docs', 121 | items: [ 122 | { 123 | label: 'Docs', 124 | to: '/docs/intro', 125 | }, 126 | ], 127 | }, 128 | { 129 | title: 'Community', 130 | items: [ 131 | { 132 | label: 'interTwin project Slack', 133 | href: 'https://join.slack.com/t/intertwin/shared_invite/zt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA', 134 | } 135 | ], 136 | }, 137 | { 138 | title: 'More', 139 | items: [ 140 | { 141 | label: 'GitHub', 142 | href: 'https://github.com/interlink-hq/interLink', 143 | }, 144 | ], 145 | }, 146 | ], 147 | copyright: `Originally created by INFN - Copyright © interLink a Series of LF Projects, LLC.`, 148 | }, 149 | prism: { 150 | theme: prismThemes.github, 151 | darkTheme: prismThemes.dracula, 152 | }, 153 | } satisfies Preset.ThemeConfig, 154 | }; 155 | 156 | export default config; 157 | -------------------------------------------------------------------------------- /docs/docusaurus.config.ts: -------------------------------------------------------------------------------- 1 | import {themes as prismThemes} from 'prism-react-renderer'; 2 | import type {Config} from '@docusaurus/types'; 3 | import type * as Preset from '@docusaurus/preset-classic'; 4 | import type * as Redocusaurus from 'redocusaurus'; 5 | 6 | const config: Config = { 7 | title: 'interLink', 8 | tagline: 'Your Virtual Kubelet ecosystem!', 9 | favicon: 'img/favicon.ico', 10 | 11 | // Set the production url of your site here 12 | url: 'https://interlink-project.dev', 13 | // Set the // pathname under which your site is served 14 | // For GitHub pages deployment, it is often '//' 15 | baseUrl: '/', 16 | 17 | // GitHub pages deployment config. 18 | // If you aren't using GitHub pages, you don't need these. 19 | organizationName: 'interlink-hq', // Usually your GitHub org/user name. 20 | projectName: 'interLink', // Usually your repo name. 21 | 22 | onBrokenLinks: 'throw', 23 | onBrokenMarkdownLinks: 'warn', 24 | 25 | // Even if you don't use internationalization, you can use this field to set 26 | // useful metadata like html lang. For example, if your site is Chinese, you 27 | // may want to replace "en" with "zh-Hans". 28 | i18n: { 29 | defaultLocale: 'en', 30 | locales: ['en'], 31 | }, 32 | 33 | presets: [ 34 | [ 35 | 'classic', 36 | { 37 | docs: { 38 | sidebarPath: './sidebars.ts', 39 | // Please change this to your repo. 40 | // Remove this to remove the "edit this page" links. 41 | editUrl: 42 | 'https://github.com/interlink-hq/interLink', 43 | }, 44 | blog: false, 45 | theme: { 46 | customCss: './src/css/custom.css', 47 | }, 48 | } satisfies Preset.Options, 49 | ], 50 | [ 51 | 'redocusaurus', 52 | { 53 | // Plugin Options for loading OpenAPI files 54 | specs: [ 55 | // Pass it a path to a local OpenAPI YAML file 56 | { 57 | // Redocusaurus will automatically bundle your spec into a single file during the build 58 | id: 'plugin-api', 59 | spec: 'openapi/plugin-openapi.json', 60 | route: '/plugin-openapi/', 61 | }, 62 | { 63 | // Redocusaurus will automatically bundle your spec into a single file during the build 64 | id: 'interlink-api', 65 | spec: 'openapi/interlink-openapi.json', 66 | route: '/interlink-openapi/', 67 | }, 68 | ], 69 | // Theme Options for modifying how redoc renders them 70 | theme: { 71 | // Change with your site colors 72 | primaryColor: '#1890ff', 73 | }, 74 | }, 75 | ], 76 | 77 | ], 78 | 79 | themeConfig: { 80 | announcementBar: { 81 | id: 'support_us', 82 | content: 83 | 'We are onboarding for our contribution to CNCF Sandbox! Please let us know for any broken or missing information as we move to the new home.', 84 | backgroundColor: '#fafbfc', 85 | textColor: '#091E42', 86 | isCloseable: false, 87 | }, 88 | 89 | // Replace with your project's social card 90 | image: 'img/img/interlink_logo.png', 91 | navbar: { 92 | title: 'Home', 93 | logo: { 94 | alt: 'interLink Logo', 95 | src: 'img/interlink_logo.png', 96 | }, 97 | items: [ 98 | { 99 | type: 'docsVersionDropdown', 100 | position: 'left', 101 | dropdownActiveClassDisabled: true, 102 | }, 103 | { 104 | type: 'docSidebar', 105 | sidebarId: 'tutorialSidebar', 106 | position: 'left', 107 | label: 'Docs', 108 | }, 109 | { 110 | href: 'https://github.com/interlink-hq/interLink', 111 | label: 'GitHub', 112 | position: 'right', 113 | }, 114 | ], 115 | }, 116 | footer: { 117 | style: 'dark', 118 | links: [ 119 | { 120 | title: 'Docs', 121 | items: [ 122 | { 123 | label: 'Docs', 124 | to: '/docs/intro', 125 | }, 126 | ], 127 | }, 128 | { 129 | title: 'Community', 130 | items: [ 131 | { 132 | label: 'interTwin project Slack', 133 | href: 'https://join.slack.com/t/intertwin/shared_invite/zt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA', 134 | } 135 | ], 136 | }, 137 | { 138 | title: 'More', 139 | items: [ 140 | { 141 | label: 'GitHub', 142 | href: 'https://github.com/interlink-hq/interLink', 143 | }, 144 | ], 145 | }, 146 | ], 147 | copyright: `Originally created by INFN - Copyright © interLink a Series of LF Projects, LLC.`, 148 | }, 149 | prism: { 150 | theme: prismThemes.github, 151 | darkTheme: prismThemes.dracula, 152 | }, 153 | } satisfies Preset.ThemeConfig, 154 | }; 155 | 156 | export default config; 157 | -------------------------------------------------------------------------------- /docs/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "docs", 3 | "version": "0.0.0", 4 | "private": true, 5 | "scripts": { 6 | "docusaurus": "docusaurus", 7 | "start": "docusaurus start", 8 | "build": "docusaurus build", 9 | "swizzle": "docusaurus swizzle", 10 | "deploy": "docusaurus deploy", 11 | "clear": "docusaurus clear", 12 | "serve": "docusaurus serve", 13 | "write-translations": "docusaurus write-translations", 14 | "write-heading-ids": "docusaurus write-heading-ids", 15 | "typecheck": "tsc" 16 | }, 17 | "dependencies": { 18 | "@docusaurus/core": "3.0.1", 19 | "@docusaurus/preset-classic": "3.0.1", 20 | "@mdx-js/react": "^3.0.0", 21 | "clsx": "^2.0.0", 22 | "prism-react-renderer": "^2.3.0", 23 | "raw-loader": "^4.0.2", 24 | "react": "^18.0.0", 25 | "react-dom": "^18.0.0", 26 | "redocusaurus": "^2.0.2" 27 | }, 28 | "devDependencies": { 29 | "@docusaurus/eslint-plugin": "^3.5.2", 30 | "@docusaurus/module-type-aliases": "3.0.1", 31 | "@docusaurus/tsconfig": "3.0.1", 32 | "@docusaurus/types": "3.0.1", 33 | "typescript": "~5.2.2" 34 | }, 35 | "browserslist": { 36 | "production": [ 37 | ">0.5%", 38 | "not dead", 39 | "not op_mini all" 40 | ], 41 | "development": [ 42 | "last 3 chrome version", 43 | "last 3 firefox version", 44 | "last 5 safari version" 45 | ] 46 | }, 47 | "engines": { 48 | "node": ">=18.0" 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /docs/sidebars.ts: -------------------------------------------------------------------------------- 1 | import type {SidebarsConfig} from '@docusaurus/plugin-content-docs'; 2 | 3 | /** 4 | * Creating a sidebar enables you to: 5 | - create an ordered group of docs 6 | - render a sidebar for each doc of that group 7 | - provide next/previous navigation 8 | 9 | The sidebars can be generated from the filesystem, or explicitly defined here. 10 | 11 | Create as many sidebars as you want. 12 | */ 13 | const sidebars: SidebarsConfig = { 14 | // By default, Docusaurus generates a sidebar from the docs folder structure 15 | tutorialSidebar: [{type: 'autogenerated', dirName: '.'}], 16 | 17 | // But you can create a sidebar manually 18 | /* 19 | tutorialSidebar: [ 20 | 'intro', 21 | 'hello', 22 | { 23 | type: 'category', 24 | label: 'Tutorial', 25 | items: ['tutorial-basics/create-a-document'], 26 | }, 27 | ], 28 | */ 29 | }; 30 | 31 | export default sidebars; 32 | -------------------------------------------------------------------------------- /docs/src/components/AdoptersFeatures/index.tsx: -------------------------------------------------------------------------------- 1 | import clsx from 'clsx'; 2 | import Heading from '@theme/Heading'; 3 | import styles from './styles.module.css'; 4 | 5 | type FeatureItem = { 6 | title: string; 7 | Svg: React.ComponentType>; 8 | description: JSX.Element; 9 | }; 10 | 11 | const FeatureList: FeatureItem[] = [ 12 | { 13 | title: 'INFN', 14 | Svg: require('@site/static/img/INFN_logo_sito.svg').default, 15 | description: ( 16 | <> 17 | 18 | ), 19 | }, 20 | { 21 | title: 'EGI', 22 | Svg: require('@site/static/img/egi-logo.svg').default, 23 | description: ( 24 | <> 25 | 26 | ), 27 | }, 28 | { 29 | title: 'CERN', 30 | Svg: require('@site/static/img/cern-logo.svg').default, 31 | description: ( 32 | <> 33 | 34 | ), 35 | }, 36 | { 37 | title: 'Universitat Politècnica de València', 38 | Svg: require('@site/static/img/logo-upv.svg').default, 39 | description: ( 40 | <> 41 | 42 | ), 43 | }, 44 | { 45 | title: 'CNES', 46 | Svg: require('@site/static/img/logo-cnes.svg').default, 47 | description: ( 48 | <> 49 | 50 | ), 51 | }, 52 | { 53 | title: 'IJS', 54 | Svg: require('@site/static/img/logo-ijs.svg').default, 55 | description: ( 56 | <> 57 | 58 | ), 59 | }, 60 | { 61 | title: 'IZUM', 62 | Svg: require('@site/static/img/logo-izum.svg').default, 63 | description: ( 64 | <> 65 | 66 | ), 67 | }, 68 | { 69 | title: 'JSC', 70 | Svg: require('@site/static/img/logo-jsc.svg').default, 71 | description: ( 72 | <> 73 | 74 | ), 75 | }, 76 | { 77 | title: 'NuNet', 78 | Svg: require('@site/static/img/logo-nunet.svg').default, 79 | description: ( 80 | <> 81 | 82 | ), 83 | }, 84 | { 85 | title: 'HelixML', 86 | Svg: require('@site/static/img/logo-helix.svg').default, 87 | description: ( 88 | <> 89 | 90 | ), 91 | }, 92 | ]; 93 | 94 | function Feature({title, Svg, description}: FeatureItem) { 95 | return ( 96 |
97 |
98 | 99 |
100 |

101 |
102 | ); 103 | } 104 | 105 | export default function AdoptersFeatures(): JSX.Element { 106 | return ( 107 |
108 |
109 | 110 | Evaluators and contributors 111 |

Find out more in the ADOPTERS.md document!

112 | 113 |
114 | {FeatureList.map((props, idx) => ( 115 | 116 | ))} 117 |
118 |
119 |
120 | ); 121 | } 122 | -------------------------------------------------------------------------------- /docs/src/components/AdoptersFeatures/styles.module.css: -------------------------------------------------------------------------------- 1 | .features { 2 | display: flex; 3 | align-items: center; 4 | padding: 2rem 0; 5 | width: 100%; 6 | } 7 | 8 | .featureSvg { 9 | height: 300px; 10 | width: 300px; 11 | align-items: center; 12 | justify-content: center; 13 | } 14 | -------------------------------------------------------------------------------- /docs/src/components/HomepageFeatures/index.tsx: -------------------------------------------------------------------------------- 1 | import clsx from 'clsx'; 2 | import Heading from '@theme/Heading'; 3 | import styles from './styles.module.css'; 4 | 5 | type FeatureItem = { 6 | title: string; 7 | Svg: React.ComponentType>; 8 | description: JSX.Element; 9 | }; 10 | 11 | const FeatureList: FeatureItem[] = [ 12 | { 13 | title: 'Seamless end-user experience', 14 | Svg: require('@site/static/img/home-1.svg').default, 15 | description: ( 16 | <> 17 | Keep using all your data science frameworks just like you are 18 | interacting with a physical Kubernetes cluster. 19 | 20 | ), 21 | }, 22 | { 23 | title: 'Customize only What Matters', 24 | Svg: require('@site/static/img/home-2.svg').default, 25 | description: ( 26 | <> 27 | {/*Docusaurus lets you focus on your docs, and we'll do the chores. Go 28 | ahead and move your docs into the docs directory.*/} 29 | Forget about complex API's and kubelet internals; 30 | focus on a simple REST interface for managing container lifecycle as you wish. 31 | 32 | ), 33 | }, 34 | { 35 | title: 'Integrate your resources quickly', 36 | Svg: require('@site/static/img/home-3.svg').default, 37 | description: ( 38 | <> 39 | Integrate resources hosted on remote batch systems or FaaS instances in matter 40 | of minutes thanks to interLink plugin-based architecture. 41 | 42 | ), 43 | }, 44 | ]; 45 | 46 | function Feature({title, Svg, description}: FeatureItem) { 47 | return ( 48 |
49 |
50 | 51 |
52 |
53 | {title} 54 |

{description}

55 |
56 |
57 | ); 58 | } 59 | 60 | export default function HomepageFeatures(): JSX.Element { 61 | return ( 62 |
63 |
64 |
65 | {FeatureList.map((props, idx) => ( 66 | 67 | ))} 68 |
69 |
70 |
71 | ); 72 | } 73 | -------------------------------------------------------------------------------- /docs/src/components/HomepageFeatures/styles.module.css: -------------------------------------------------------------------------------- 1 | .features { 2 | display: flex; 3 | align-items: center; 4 | padding: 2rem 0; 5 | width: 100%; 6 | } 7 | 8 | .featureSvg { 9 | height: 300px; 10 | width: 300px; 11 | } 12 | -------------------------------------------------------------------------------- /docs/src/components/HomepageSchema/index.tsx: -------------------------------------------------------------------------------- 1 | import Heading from '@theme/Heading'; 2 | import styles from './styles.module.css'; 3 | import ThemedImage from '@theme/ThemedImage'; 4 | import useBaseUrl from '@docusaurus/useBaseUrl'; 5 | 6 | 7 | 8 | export default function HomepageSchema(): JSX.Element { 9 | return ( 10 |
11 |
12 |
13 | 14 | Translate your pod request into a remote lifecycle command set 15 | 16 | 17 | You just have to select a (virtual)node as the pod destination. 18 | 19 | 26 |
27 |
28 |
29 | ); 30 | } 31 | -------------------------------------------------------------------------------- /docs/src/components/HomepageSchema/styles.module.css: -------------------------------------------------------------------------------- 1 | .featureSvg { 2 | display: flex; 3 | height: 100%; 4 | width: 100%; 5 | } 6 | .features { 7 | display: flex; 8 | align-items: center; 9 | padding: 2rem 0; 10 | width: 100%; 11 | } -------------------------------------------------------------------------------- /docs/src/css/custom.css: -------------------------------------------------------------------------------- 1 | /** 2 | * Any CSS included here will be global. The classic template 3 | * bundles Infima by default. Infima is a CSS framework designed to 4 | * work well for content-centric websites. 5 | */ 6 | 7 | /* You can override the default Infima variables here. */ 8 | :root { 9 | --ifm-color-primary: #6a479e; 10 | --ifm-color-primary-dark: #5f408e; 11 | --ifm-color-primary-darker: #5a3c86; 12 | --ifm-color-primary-darkest: #4a326f; 13 | --ifm-color-primary-light: #754eae; 14 | --ifm-color-primary-lighter: #7b55b3; 15 | --ifm-color-primary-lightest: #8d6dbd; 16 | --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.1); 17 | } 18 | 19 | /* For readability concerns, you should choose a lighter palette in dark mode. */ 20 | [data-theme='dark'] { 21 | --ifm-color-primary: #ffd3b7; 22 | --ifm-color-primary-dark: #ffb88b; 23 | --ifm-color-primary-darker: #ffab75; 24 | --ifm-color-primary-darkest: #ff8334; 25 | --ifm-color-primary-light: #ffeee3; 26 | --ifm-color-primary-lighter: #fffbf9; 27 | --ifm-color-primary-lightest: #ffffff; 28 | --ifm-background-color: #000000; 29 | --ifm-code-font-size: 100%; 30 | --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3); 31 | } 32 | -------------------------------------------------------------------------------- /docs/src/pages/index.module.css: -------------------------------------------------------------------------------- 1 | /** 2 | * CSS files with the .module.css suffix will be treated as CSS modules 3 | * and scoped locally. 4 | */ 5 | 6 | .heroBanner { 7 | padding: 4rem 0 2rem 0; 8 | text-align: center; 9 | position: relative; 10 | overflow: hidden; 11 | background: linear-gradient(135deg, var(--ifm-color-primary) 0%, var(--ifm-color-primary-dark) 100%); 12 | } 13 | 14 | .heroContent { 15 | display: flex; 16 | align-items: center; 17 | justify-content: center; 18 | gap: 3rem; 19 | margin-bottom: 2rem; 20 | max-width: 1200px; 21 | margin-left: auto; 22 | margin-right: auto; 23 | } 24 | 25 | .logoContainer { 26 | flex-shrink: 0; 27 | } 28 | 29 | .heroText { 30 | flex: 1; 31 | text-align: left; 32 | max-width: 600px; 33 | } 34 | 35 | .heroTitle { 36 | font-size: 3.5rem; 37 | font-weight: 800; 38 | margin-bottom: 1rem; 39 | color: white; 40 | } 41 | 42 | .heroSubtitle { 43 | font-size: 1.5rem; 44 | font-weight: 400; 45 | margin-bottom: 1.5rem; 46 | color: rgba(255, 255, 255, 0.9); 47 | line-height: 1.4; 48 | } 49 | 50 | .heroDescription { 51 | font-size: 1.1rem; 52 | line-height: 1.6; 53 | margin-bottom: 2rem; 54 | color: rgba(255, 255, 255, 0.8); 55 | } 56 | 57 | [data-theme='dark'] .heroTitle { 58 | color: #000000; 59 | } 60 | 61 | [data-theme='dark'] .heroSubtitle { 62 | color: rgba(0, 0, 0, 0.9); 63 | } 64 | 65 | [data-theme='dark'] .heroDescription { 66 | color: rgba(0, 0, 0, 0.8); 67 | } 68 | 69 | .buttons { 70 | display: flex; 71 | align-items: center; 72 | gap: 1rem; 73 | flex-wrap: wrap; 74 | } 75 | 76 | .secondaryButton { 77 | border-color: rgba(255, 255, 255, 0.3); 78 | color: white; 79 | } 80 | 81 | .secondaryButton:hover { 82 | border-color: white; 83 | background-color: rgba(255, 255, 255, 0.1); 84 | color: white; 85 | } 86 | 87 | .badges { 88 | display: flex; 89 | justify-content: center; 90 | gap: 1rem; 91 | flex-wrap: wrap; 92 | margin-top: 2rem; 93 | } 94 | 95 | .badge { 96 | cursor: pointer; 97 | transition: transform 0.2s ease; 98 | border-radius: 4px; 99 | } 100 | 101 | .badge:hover { 102 | transform: translateY(-2px); 103 | } 104 | 105 | /* New section styles */ 106 | .videoSection { 107 | padding: 4rem 0; 108 | background-color: var(--ifm-background-color); 109 | } 110 | 111 | .cncfSection { 112 | padding: 4rem 0; 113 | text-align: center; 114 | background-color: var(--ifm-background-surface-color); 115 | } 116 | 117 | .sectionTitle { 118 | text-align: center; 119 | margin-bottom: 3rem; 120 | color: var(--ifm-heading-color); 121 | font-size: 2.5rem; 122 | font-weight: 700; 123 | } 124 | 125 | .cncfTitle { 126 | font-size: 2.5rem; 127 | font-weight: 700; 128 | margin-bottom: 1.5rem; 129 | color: var(--ifm-heading-color); 130 | } 131 | 132 | .cncfDescription { 133 | font-size: 1.2rem; 134 | margin-bottom: 2rem; 135 | color: var(--ifm-font-color-base); 136 | max-width: 600px; 137 | margin-left: auto; 138 | margin-right: auto; 139 | } 140 | 141 | .cncfDescription a { 142 | color: var(--ifm-color-primary); 143 | text-decoration: none; 144 | font-weight: 600; 145 | } 146 | 147 | .cncfDescription a:hover { 148 | text-decoration: underline; 149 | color: var(--ifm-color-primary-dark); 150 | } 151 | 152 | .cncfLogoContainer { 153 | margin: 2rem 0; 154 | display: flex; 155 | justify-content: center; 156 | align-items: center; 157 | padding: 1rem; 158 | background: var(--ifm-color-emphasis-0); 159 | border-radius: 12px; 160 | border: 1px solid var(--ifm-color-emphasis-200); 161 | } 162 | 163 | .cncfLogo { 164 | max-width: 300px; 165 | width: 100%; 166 | height: auto; 167 | transition: transform 0.3s ease; 168 | filter: brightness(1); 169 | } 170 | 171 | .cncfLogo:hover { 172 | transform: scale(1.05); 173 | } 174 | 175 | [data-theme='dark'] .cncfLogoContainer { 176 | background: var(--ifm-color-emphasis-100); 177 | border-color: var(--ifm-color-emphasis-300); 178 | } 179 | 180 | [data-theme='dark'] .cncfLogo { 181 | filter: brightness(1.2) contrast(1.1); 182 | } 183 | 184 | .cncfFooter { 185 | font-size: 0.9rem; 186 | color: var(--ifm-font-color-base); 187 | opacity: 0.8; 188 | margin-top: 2rem; 189 | max-width: 800px; 190 | margin-left: auto; 191 | margin-right: auto; 192 | } 193 | 194 | .cncfFooter a { 195 | color: var(--ifm-color-primary); 196 | text-decoration: none; 197 | } 198 | 199 | .cncfFooter a:hover { 200 | text-decoration: underline; 201 | color: var(--ifm-color-primary-dark); 202 | } 203 | 204 | /* Responsive Design */ 205 | @media screen and (max-width: 996px) { 206 | .heroBanner { 207 | padding: 3rem 1rem 2rem 1rem; 208 | } 209 | 210 | .heroContent { 211 | flex-direction: column; 212 | text-align: center; 213 | gap: 2rem; 214 | } 215 | 216 | .heroText { 217 | text-align: center; 218 | } 219 | 220 | .heroTitle { 221 | font-size: 2.5rem; 222 | } 223 | 224 | .heroSubtitle { 225 | font-size: 1.2rem; 226 | } 227 | 228 | .buttons { 229 | justify-content: center; 230 | } 231 | 232 | .badges { 233 | margin-top: 1.5rem; 234 | } 235 | 236 | .sectionTitle { 237 | font-size: 2rem; 238 | } 239 | 240 | .cncfTitle { 241 | font-size: 2rem; 242 | } 243 | } 244 | 245 | @media screen and (max-width: 768px) { 246 | .heroBanner { 247 | padding: 2rem 1rem 1.5rem 1rem; 248 | } 249 | 250 | .heroTitle { 251 | font-size: 2rem; 252 | } 253 | 254 | .heroSubtitle { 255 | font-size: 1.1rem; 256 | } 257 | 258 | .heroDescription { 259 | font-size: 1rem; 260 | } 261 | 262 | .buttons { 263 | flex-direction: column; 264 | align-items: stretch; 265 | } 266 | 267 | .badges { 268 | flex-direction: column; 269 | align-items: center; 270 | } 271 | 272 | .videoSection, 273 | .cncfSection { 274 | padding: 3rem 0; 275 | } 276 | 277 | .sectionTitle, 278 | .cncfTitle { 279 | font-size: 1.8rem; 280 | } 281 | 282 | .cncfDescription { 283 | font-size: 1rem; 284 | padding: 0 1rem; 285 | } 286 | } 287 | -------------------------------------------------------------------------------- /docs/src/pages/index.tsx: -------------------------------------------------------------------------------- 1 | import clsx from 'clsx'; 2 | import Link from '@docusaurus/Link'; 3 | import useDocusaurusContext from '@docusaurus/useDocusaurusContext'; 4 | import Layout from '@theme/Layout'; 5 | import HomepageFeatures from '@site/src/components/HomepageFeatures'; 6 | import HomepageVideo from '@site/src/components/HomepageVideo'; 7 | import HomepageSchema from '@site/src/components/HomepageSchema'; 8 | import Heading from '@theme/Heading'; 9 | import ThemedImage from '@theme/ThemedImage'; 10 | import useBaseUrl from '@docusaurus/useBaseUrl'; 11 | 12 | import styles from './index.module.css'; 13 | import AdopterStoriesSlider from '../components/AdopterStoriesSlider'; 14 | 15 | function HomepageHeader() { 16 | const {siteConfig} = useDocusaurusContext(); 17 | return ( 18 |
19 |
20 |
21 |
22 | 30 |
31 | 32 |
33 | 34 | interLink 35 | 36 | 37 | {siteConfig.tagline} 38 | 39 |

40 | Bridge your Kubernetes workloads to any compute resource - HPC clusters, 41 | batch systems, cloud providers, and more. Maintain the standard Kubernetes 42 | API while leveraging the power of heterogeneous computing. 43 |

44 | 45 |
46 | 49 | Get Started 🚀 50 | 51 |
52 |
53 |
54 | 55 |
56 | GitHub stars window.open('https://github.com/interlink-hq/interLink', '_blank')} 61 | /> 62 | Go Report Card window.open('https://goreportcard.com/report/github.com/interlink-hq/interlink', '_blank')} 67 | /> 68 | Join Slack window.open('https://join.slack.com/t/intertwin/shared_invite/zt-2cs67h9wz-2DFQ6EiSQGS1vlbbbJHctA', '_blank')} 73 | /> 74 |
75 |
76 |
77 | ); 78 | } 79 | 80 | export default function Home(): JSX.Element { 81 | const {siteConfig} = useDocusaurusContext(); 82 | return ( 83 | 86 | 87 |
88 | 89 | 90 | 91 | 92 |
93 |
94 | 95 | See interLink in Action 96 | 97 | 98 |
99 |
100 | 101 |
102 |
103 | 104 | CNCF Sandbox Project 105 | 106 |

107 | interLink is a 108 | Cloud Native Computing Foundation 109 | Sandbox project, committed to cloud-native innovation and community collaboration. 110 |

111 |
112 | Cloud Native Computing Foundation logo 117 |
118 |

119 | The Linux Foundation® (TLF) has registered trademarks and uses trademarks. 120 | For a list of TLF trademarks, see{' '} 121 | 122 | Trademark Usage 123 | . 124 |

125 |
126 |
127 |
128 | 129 | ) 130 | } 131 | -------------------------------------------------------------------------------- /docs/static/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/.nojekyll -------------------------------------------------------------------------------- /docs/static/img/37a0d3_bd169579737d47318ca1b1735db6e497~mv2.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/37a0d3_bd169579737d47318ca1b1735db6e497~mv2.webp -------------------------------------------------------------------------------- /docs/static/img/INFN_logo_sito.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/INFN_logo_sito.png -------------------------------------------------------------------------------- /docs/static/img/cern-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/cern-logo.png -------------------------------------------------------------------------------- /docs/static/img/docusaurus-social-card.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/docusaurus-social-card.jpg -------------------------------------------------------------------------------- /docs/static/img/docusaurus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/docusaurus.png -------------------------------------------------------------------------------- /docs/static/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/favicon.ico -------------------------------------------------------------------------------- /docs/static/img/github-app-new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/github-app-new.png -------------------------------------------------------------------------------- /docs/static/img/github-app-new2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/github-app-new2.png -------------------------------------------------------------------------------- /docs/static/img/github-app-new3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/github-app-new3.png -------------------------------------------------------------------------------- /docs/static/img/interlink_logo-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/interlink_logo-dark.png -------------------------------------------------------------------------------- /docs/static/img/interlink_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/interlink_logo.png -------------------------------------------------------------------------------- /docs/static/img/logo-helix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/logo-helix.png -------------------------------------------------------------------------------- /docs/static/img/logo-izum.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/logo-izum.png -------------------------------------------------------------------------------- /docs/static/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/logo.png -------------------------------------------------------------------------------- /docs/static/img/logo_infn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/logo_infn -------------------------------------------------------------------------------- /docs/static/img/logo_infn.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/logo_infn.jpg -------------------------------------------------------------------------------- /docs/static/img/nunet.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/static/img/nunet.webp -------------------------------------------------------------------------------- /docs/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | // This file is not used in compilation. It is here just for a nice editor experience. 3 | "extends": "@docusaurus/tsconfig", 4 | "compilerOptions": { 5 | "baseUrl": "." 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/Limitations.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 6 3 | --- 4 | 5 | # Current limitations 6 | 7 | It's not black magic, we have to pay something: 8 | 9 | - **Cluster wide shared FS**: there is no support for cluster-wide filesystem 10 | mounting on the remote container. The only volumes supported are: `Secret`, 11 | `ConfigMap`, `EmptyDir` 12 | - **InCluster pod-to-pod network**: we are in the middle of the beta period to 13 | release this feature! 14 | 15 | :::note 16 | 17 | Reach out to us if you are willing to test the network implementation as beta 18 | users! 19 | 20 | ::: 21 | 22 | That's all. If you find anything else, feel free to let it know filing a github 23 | issue. 24 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/arch.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 2 3 | --- 4 | import ThemedImage from '@theme/ThemedImage'; 5 | import useBaseUrl from '@docusaurus/useBaseUrl'; 6 | 7 | # Architecture 8 | 9 | InterLink aims to provide an abstraction for the execution of a Kubernetes pod on any remote resource capable of managing a Container execution lifecycle. 10 | 11 | The project consists of two main components: 12 | 13 | - __A Kubernetes Virtual Node:__ based on the [VirtualKubelet](https://virtual-kubelet.io/) technology. Translating request for a kubernetes pod execution into a remote call to the interLink API server. 14 | - __The interLink API server:__ a modular and pluggable REST server where you can create your own Container manager plugin (called sidecars), or use the existing ones: remote docker execution on a remote host, singularity Container on a remote SLURM batch system. 15 | 16 | The project got inspired by the [KNoC](https://github.com/CARV-ICS-FORTH/knoc) and [Liqo](https://github.com/liqotech/liqo/tree/master) projects, enhancing that with the implemention a generic API layer b/w the virtual kubelet component and the provider logic for the container lifecycle management. 17 | 18 | 25 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/cookbook/2-incluster.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | import Tabs from "@theme/Tabs"; 6 | import TabItem from "@theme/TabItem"; 7 | import ThemedImage from "@theme/ThemedImage"; 8 | import useBaseUrl from "@docusaurus/useBaseUrl"; 9 | 10 | # In-cluster deployment 11 | 12 | Deploy interLink in the local K8S cluster. 13 | 14 | 21 | 22 | ## Install interLink 23 | 24 | ### Deploy Kubernetes components 25 | 26 | The deployment of the Kubernetes components are managed by the official 27 | [HELM chart](https://github.com/interlink-hq/interlink-helm-chart). Depending on 28 | the scenario you selected, there might be additional operations to be done. 29 | 30 | - Create an helm values file: 31 | 32 | ```yaml title="values.yaml" 33 | nodeName: interlink-with-socket 34 | 35 | plugin: 36 | enabled: true 37 | image: "plugin docker image here" 38 | command: ["/bin/bash", "-c"] 39 | args: ["/app/plugin"] 40 | config: | 41 | your plugin 42 | configuration 43 | goes here!!! 44 | socket: unix:///var/run/plugin.sock 45 | 46 | interlink: 47 | enabled: true 48 | socket: unix:///var/run/interlink.sock 49 | ``` 50 | 51 | Eventually deploy the latest release of the official: 52 | 53 | ```bash 54 | export INTERLINK_CHART_VERSION="X.X.X" 55 | helm upgrade --install \ 56 | --create-namespace \ 57 | -n interlink \ 58 | my-node \ 59 | oci://ghcr.io/interlink-hq/interlink-helm-chart/interlink \ 60 | --version $INTERLINK_CHART_VERSION \ 61 | --values ./interlink/manifests/values.yaml 62 | ``` 63 | 64 | :::warning 65 | 66 | Remember to pick the 67 | [version of the chart](https://github.com/interlink-hq/interlink-helm-chart/blob/main/interlink/Chart.yaml#L18) 68 | and put it into the `INTERLINK_CHART_VERSION` env var above. 69 | 70 | ::: 71 | 72 | Whenever you see the node ready, you are good to go! 73 | 74 | :::note 75 | 76 | You can find a demo pod to test your setup 77 | [here](../guides/develop-a-plugin#lets-test-is-out). 78 | 79 | ::: 80 | 81 | To start debugging in case of problems we suggest starting from the pod 82 | containers logs! 83 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/cookbook/3-tunneled.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | import Tabs from "@theme/Tabs"; 6 | import TabItem from "@theme/TabItem"; 7 | import ThemedImage from "@theme/ThemedImage"; 8 | import useBaseUrl from "@docusaurus/useBaseUrl"; 9 | 10 | # Tunneled deployment 11 | 12 | Deploy interLink components in both systems, linked through a tunnelled 13 | communication. 14 | 15 | 22 | 23 | ## Install interLink 24 | 25 | ### Deploy Remote components 26 | 27 | :::note 28 | 29 | We do have case studies already implementing it, if you are interested reach out 30 | to the slack channel. 31 | 32 | ::: 33 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/cookbook/_category_.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Cookbook", 3 | "position": 3, 4 | "link": { 5 | "type": "generated-index", 6 | "description": "Practical recipes for different deployment scenarios." 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/01-deploy-interlink.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 1 3 | --- 4 | 5 | import ThemedImage from "@theme/ThemedImage"; 6 | import useBaseUrl from "@docusaurus/useBaseUrl"; 7 | 8 | # Deploy your plugin 9 | 10 | ## Attach your favorite plugin or develop one! (remote host) 11 | 12 | [Next chapter](./develop-a-plugin) will show the basics for developing a new 13 | plugin following the interLink openAPI spec. 14 | 15 | In alterative you can start an already supported one. 16 | 17 | ### Remote SLURM job submission 18 | 19 | If you manage a SLURM batch system, and you satisfy the requirements below, you 20 | can offload pod from a kubernetes cluster to your batch system, using interLink 21 | SLURM plugin of course. 22 | 23 | - [github.com/interlink-hq/interlink-slurm-plugin](https://github.com/interlink-hq/interlink-slurm-plugin) 24 | 25 | #### Requirements 26 | 27 | - a SLURM CLI available on the remote host and configured to interact with the 28 | computing cluster 29 | - a sharedFS with all the worker nodes 30 | - an experimental feature is available for cases in which this is not possible 31 | 32 | #### Configuration 33 | 34 | Please refer to either the plugin repository or the 35 | [cookbook](../cookbook/1-edge.mdx) for more information. 36 | 37 | ### Create UNICORE jobs to run on HPC centers 38 | 39 | [UNICORE](https://www.unicore.eu/) (Uniform Interface to Computing Resources) 40 | offers a ready-to-run system including client and server software. UNICORE makes 41 | distributed computing and data resources available in a seamless and secure way 42 | in intranets and the internet. 43 | 44 | - [UNICORE plugin](https://github.com/interlink-hq/interlink-unicore-plugin) 45 | 46 | #### Configuration 47 | 48 | Please refer to either the plugin repository for more information. 49 | 50 | ### Remote docker execution 51 | 52 | You get a VM from you cloud provider, with some GPUs maybe. You can attach it to 53 | your Kubernetes cluster using interLink docker plugin. 54 | 55 | - [Docker plugin repository](https://github.com/interlink-hq/interlink-docker-plugin) 56 | 57 | #### Configuration 58 | 59 | Please refer to either the plugin repository or the 60 | [cookbook](../cookbook/1-edge.mdx) for more information. 61 | 62 | ### Submit pods to HTcondor or ARC batch systems 63 | 64 | - [HTCondor plugin repository](https://github.com/interlink-hq/interlink-htcondor-plugin) 65 | - [ARC plugin repository](https://github.com/interlink-hq/interlink-arc-plugin) 66 | 67 | ### Remote Kubernetes Plugin 68 | 69 | InterLink plugin to extend the capabilities of existing Kubernetes clusters, 70 | enabling them to offload workloads to another remote cluster. The plugin 71 | supports the offloading of PODs that expose HTTP endpoints (i.e., HTTP 72 | Microservices). 73 | 74 | - [Interlink Kubernetes Plugin](https://baltig.infn.it/mgattari/interlink-kubernetes-plugin) 75 | 76 | #### Configuration 77 | 78 | Please refer to either the plugin repository or the 79 | [cookbook](../cookbook/1-edge.mdx) for more information. 80 | 81 | ## Test your setup 82 | 83 | Please find a demo pod to test your setup 84 | [here](./develop-a-plugin#lets-test-is-out). 85 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/02-develop-a-plugin.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 2 3 | --- 4 | 5 | # Develop an interLink plugin 6 | 7 | Learn how to develop your interLink plugin to manage containers on your remote 8 | host. 9 | 10 | We are going to follow up 11 | [the setup of an interlink node](../cookbook/1-edge.mdx) with the last piece of 12 | the puzzle: 13 | 14 | - setup of a python SDK 15 | - demoing the fundamentals development of a plugin executing containers locally 16 | through the host docker daemon 17 | 18 | :::warning 19 | 20 | The python SDK also produce an openAPI spec through FastAPI, therefore you can 21 | use any language you want as long as the API spec is satisfied. 22 | 23 | ::: 24 | 25 | ## Setup the python SDK 26 | 27 | ### Requirements 28 | 29 | - The tutorial is done on a Ubuntu VM, but there are not hard requirements 30 | around that 31 | - Python>=3.10 and pip (`sudo apt install -y python3-pip`) 32 | - Any python IDE will work and it is strongly suggested to use one :) 33 | - A [docker engine running](https://docs.docker.com/engine/install/) 34 | 35 | ### Install the SDK 36 | 37 | Look for the latest release on 38 | [the release page](https://github.com/interlink-hq/interLink/releases) and set 39 | the environment variable `VERSION` to it. Then you are ready to install the 40 | python SDK with: 41 | 42 | ```bash 43 | #export VERSION=X.X.X 44 | #pip install "uvicorn[standard]" "git+https://github.com/interlink-hq/interlink-plugin-sdk@${VERSION}" 45 | 46 | # Or download the latest one with 47 | pip install "uvicorn[standard]" "git+https://github.com/interlink-hq/interlink-plugin-sdk" 48 | 49 | ``` 50 | 51 | In the next section we are going to leverage the provider class of SDK to create 52 | our own plugin. 53 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/03-api-reference.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | # OpenAPI references 6 | 7 | ## Plugin API spec 8 | 9 | Please find the sidecar OpenAPI JSON spec can be found [here](/plugin-openapi). 10 | 11 | import ApiDocMdx from "@theme/ApiDocMdx"; 12 | 13 | 14 | 15 | ## interLink API spec 16 | 17 | Please find the interLink OpenAPI JSON spec can be found 18 | [here](/interlink-openapi). 19 | 20 | 21 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/04-oidc-IAM.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 4 3 | --- 4 | 5 | import ThemedImage from "@theme/ThemedImage"; 6 | import useBaseUrl from "@docusaurus/useBaseUrl"; 7 | 8 | # Configure OpenID connect identity providers 9 | 10 | We support any OpenID compliant identity provider and also GitHub authN 11 | workflow. 12 | 13 | ## GitHub authN 14 | 15 | ### Requirements 16 | 17 | - **kubectl host**: an host with MiniKube installed and running 18 | - A GitHub account 19 | - **remote host**: A "remote" machine with a port that is reachable by the 20 | MiniKube host 21 | 22 | ### Create an OAuth GitHub app 23 | 24 | As a first step, you need to create a GitHub OAuth application to allow 25 | interLink to make authentication between your Kubernetes cluster and the remote 26 | endpoint. 27 | 28 | Head to [https://github.com/settings/apps](https://github.com/settings/apps) and 29 | click on `New GitHub App`. You should now be looking at a form like this: 30 | 31 | 35 | 36 | Provide a name for the OAuth2 application, e.g. `interlink-demo-test`, and you 37 | can skip the description, unless you want to provide one for future reference. 38 | For our purpose Homepage reference is also not used, so fill free to put there 39 | `https://interlink-hq.github.io/interLink/`. 40 | 41 | Check now that refresh token and device flow authentication: 42 | 43 | 47 | 48 | Disable webhooks and save clicking on `Create GitHub App` 49 | 50 | 54 | 55 | You can click then on your application that should now appear at 56 | [https://github.com/settings/apps](https://github.com/settings/apps) and you 57 | need to save two strings: the `Client ID` and clicking on 58 | `Generate a new client secret` you should be able to note down the relative 59 | `Client Secret`. 60 | 61 | Now it's all set for the next steps. You should be able to set it for 62 | authenticating the virtual kubelet with the interLink remote components with the 63 | following piece of the installer configuration: 64 | 65 | ```yaml 66 | oauth: 67 | provider: github 68 | issuer: https://github.com/oauth 69 | grant_type: authorization_code 70 | scopes: 71 | - "read:user" 72 | github_user: "GH USERNAME HERE" 73 | token_url: "https://github.com/login/oauth/access_token" 74 | device_code_url: "https://github.com/login/device/code" 75 | client_id: "XXXXXXX" 76 | client_secret: "XXXXXXXX" 77 | ``` 78 | 79 | ## EGI Check-in 80 | 81 | If you have an account for [EGI check-in](https://aai.egi.eu), you should be 82 | able to set it for authenticating the virtual kubelet with the interLink remote 83 | components with the following piece of the installer configuration: 84 | 85 | ```yaml 86 | oauth: 87 | provider: oidc 88 | issuer: https://aai.egi.eu/auth/realms/egi 89 | scopes: 90 | - "openid" 91 | - "email" 92 | - "offline_access" 93 | - "profile" 94 | audience: interlink 95 | grant_type: authorization_code 96 | group_claim: email 97 | group: "YOUR EMAIL HERE" 98 | token_url: "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token" 99 | device_code_url: "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/auth/device" 100 | client_id: "oidc-agent" 101 | client_secret: "" 102 | ``` 103 | 104 | :::danger 105 | 106 | Remember to put your email in the group field! 107 | 108 | ::: 109 | 110 | ## Indigo IAM 111 | 112 | If you have an account for [Indigo IAM](https://iam.cloud.infn.it/), you should 113 | be able to set it for authenticating the virtual kubelet with the interLink 114 | remote components. Follow those steps to setup a new client in the IAM portal 115 | and get the necessary information to fill the configuration. This guide is 116 | specific for the IAM portal 117 | [https://iam.cloud.infn.it/](https://iam.cloud.infn.it/) but it should be 118 | similar for other IAM portals that are OpenID compliant. 119 | 120 | 1. Go to the [IAM portal](https://iam.cloud.infn.it/) and log in. 121 | 2. After logging in, click on the `My clients` tab on the left side of the page 122 | and then select `New client` as shown in the images below. 123 | 124 | ![Go to my clients](./img/iam-client0.png) 125 | ![Create a new client](./img/iam-client1.png) 3. Set a name you prefer for the 126 | client. 4. Select the `Scopes` tab and add the following scopes: `openid`, 127 | `email`, `offline_access`, `profile`, `wlcg`, `wlcg.groups`. 5. Select the 128 | `Grant types` tab and add the following grant types: `authorization_code`, 129 | `client_credentials`, `refresh_token`, 130 | `urn:ietf:params:oauth:grant-type:device_code`. 6. Save the client by pressing 131 | the `Save client` button. 132 | 133 | After creating the client, you will be able to see the new client in the 134 | `My clients` page as show in the image below. 135 | 136 | ![Check the created client](./img/iam-client2.png) 137 | 138 | You can click on the client to see the client details. You will find the 139 | `Client id` under the `Main` tab and the `Client secret` under the `Credentials` 140 | tab. Now, with those information, you can fill this piece of the installer 141 | configuration: 142 | 143 | ```yaml 144 | oauth: 145 | provider: oidc 146 | issuer: "https://iam.cloud.infn.it/" 147 | scopes: 148 | - "openid" 149 | - "email" 150 | - "offline_access" 151 | - "profile" 152 | audience: users 153 | grant_type: authorization_code 154 | group_claim: email 155 | group: "YOUR EMAIL HERE" 156 | token_url: "https://iam.cloud.infn.it/token" 157 | device_code_url: "https://iam.cloud.infn.it/devicecode" 158 | client_id: "YOUR CLIENT ID HERE" 159 | client_secret: "YOUR CLIENT SECRET HERE" 160 | ``` 161 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/_category_.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Admin guides", 3 | "position": 4, 4 | "link": { 5 | "type": "generated-index", 6 | "description": "Learn how to deploy and adapt interLink plugins for your use case." 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/dashboard.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/docsVersionDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/docsVersionDropdown.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/iam-client0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/iam-client0.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/iam-client1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/iam-client1.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/iam-client2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/iam-client2.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/localeDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/localeDropdown.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.4.x/guides/img/vk_tracing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.4.x/guides/img/vk_tracing.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/Limitations.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 6 3 | --- 4 | 5 | # Current limitations 6 | 7 | It's not black magic, we have to pay something: 8 | 9 | - **Cluster wide shared FS**: there is no support for cluster-wide filesystem 10 | mounting on the remote container. The only volumes supported are: `Secret`, 11 | `ConfigMap`, `EmptyDir` 12 | - **InCluster pod-to-pod network**: we are in the middle of the beta period to 13 | release this feature! 14 | 15 | :::note 16 | 17 | Reach out to us if you are willing to test the network implementation as beta 18 | users! 19 | 20 | ::: 21 | 22 | That's all. If you find anything else, feel free to let it know filing a github 23 | issue. 24 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/arch.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 2 3 | --- 4 | import ThemedImage from '@theme/ThemedImage'; 5 | import useBaseUrl from '@docusaurus/useBaseUrl'; 6 | 7 | # Architecture 8 | 9 | InterLink aims to provide an abstraction for the execution of a Kubernetes pod on any remote resource capable of managing a Container execution lifecycle. 10 | 11 | The project consists of two main components: 12 | 13 | - __A Kubernetes Virtual Node:__ based on the [VirtualKubelet](https://virtual-kubelet.io/) technology. Translating request for a kubernetes pod execution into a remote call to the interLink API server. 14 | - __The interLink API server:__ a modular and pluggable REST server where you can create your own Container manager plugin (called sidecars), or use the existing ones: remote docker execution on a remote host, singularity Container on a remote SLURM batch system. 15 | 16 | The project got inspired by the [KNoC](https://github.com/CARV-ICS-FORTH/knoc) and [Liqo](https://github.com/liqotech/liqo/tree/master) projects, enhancing that with the implemention a generic API layer b/w the virtual kubelet component and the provider logic for the container lifecycle management. 17 | 18 | 25 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/cookbook/2-incluster.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 3 3 | --- 4 | 5 | import Tabs from "@theme/Tabs"; 6 | import TabItem from "@theme/TabItem"; 7 | import ThemedImage from "@theme/ThemedImage"; 8 | import useBaseUrl from "@docusaurus/useBaseUrl"; 9 | 10 | # In-cluster deployment 11 | 12 | Deploy interLink in the local K8S cluster. 13 | 14 | 21 | 22 | ## Install interLink 23 | 24 | ### Deploy Kubernetes components 25 | 26 | The deployment of the Kubernetes components are managed by the official 27 | [HELM chart](https://github.com/interlink-hq/interlink-helm-chart). Depending on 28 | the scenario you selected, there might be additional operations to be done. 29 | 30 | - Create an helm values file: 31 | 32 | ```yaml title="values.yaml" 33 | nodeName: interlink-in-cluster 34 | 35 | interlink: 36 | enabled: true 37 | address: http://localhost 38 | port: 3000 39 | logging: 40 | verboseLogging: true 41 | 42 | plugin: 43 | enabled: true 44 | image: "ghcr.io/interlink-hq/interlink-sidecar-slurm/interlink-sidecar-slurm:0.5.1" 45 | address: "http://localhost" 46 | port: 4000 47 | privileged: true 48 | extraVolumeMounts: 49 | - name: plugin-data 50 | mountPath: /slurm-data 51 | envs: 52 | - name: SLURMCONFIGPATH 53 | value: "/etc/interlink/plugin.yaml" 54 | - name: SHARED_FS 55 | values: "true" 56 | config: | 57 | #Socket: "unix:///var/run/plugin.sock" 58 | ImagePrefix: "docker://" 59 | SidecarPort: 4000 60 | VerboseLogging: true 61 | ErrorsOnlyLogging: false 62 | DataRootFolder: "/slurm-data/" 63 | ExportPodData: true 64 | SbatchPath: "/usr/bin/sbatch" 65 | ScancelPath: "/usr/bin/scancel" 66 | SqueuePath: "/usr/bin/squeue" 67 | CommandPrefix: "" 68 | SingularityPrefix: "" 69 | Namespace: "vk" 70 | Tsocks: false 71 | TsocksPath: "$WORK/tsocks-1.8beta5+ds1/libtsocks.so" 72 | TsocksLoginNode: "login01" 73 | BashPath: /bin/bash 74 | 75 | virtualNode: 76 | resources: 77 | CPUs: 4 78 | memGiB: 16 79 | pods: 50 80 | 81 | extraVolumes: 82 | - name: plugin-data 83 | hostPath: 84 | path: /tmp/test 85 | type: DirectoryOrCreate 86 | ``` 87 | 88 | Eventually deploy the latest release of the official: 89 | 90 | ```bash 91 | export INTERLINK_CHART_VERSION="X.X.X" 92 | helm upgrade --install \ 93 | --create-namespace \ 94 | -n interlink \ 95 | my-node \ 96 | oci://ghcr.io/interlink-hq/interlink-helm-chart/interlink \ 97 | --version $INTERLINK_CHART_VERSION \ 98 | --values values.yaml 99 | ``` 100 | 101 | :::warning 102 | 103 | Remember to pick the 104 | [version of the chart](https://github.com/interlink-hq/interlink-helm-chart/blob/main/interlink/Chart.yaml#L18) 105 | and put it into the `INTERLINK_CHART_VERSION` env var above. 106 | 107 | ::: 108 | 109 | Whenever you see the node ready, you are good to go! 110 | 111 | :::note 112 | 113 | You can find a demo pod to test your setup 114 | [here](../guides/develop-a-plugin#lets-test-is-out). 115 | 116 | ::: 117 | 118 | To start debugging in case of problems we suggest starting from the pod 119 | containers logs! 120 | 121 | #### Verify the setup 122 | 123 | Test the complete setup: 124 | 125 | ```bash 126 | # Check if node appears in Kubernetes 127 | kubectl get nodes 128 | 129 | # Deploy a test pod 130 | kubectl apply -f - < 14 | 15 | ## interLink API spec 16 | 17 | Please find the interLink OpenAPI JSON spec can be found 18 | [here](/interlink-openapi). 19 | 20 | 21 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/_category_.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Admin guides", 3 | "position": 4, 4 | "link": { 5 | "type": "generated-index", 6 | "description": "Learn how to deploy and adapt interLink plugins for your use case." 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/dashboard.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/docsVersionDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/docsVersionDropdown.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/iam-client0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/iam-client0.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/iam-client1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/iam-client1.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/iam-client2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/iam-client2.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/localeDropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/localeDropdown.png -------------------------------------------------------------------------------- /docs/versioned_docs/version-0.5.x/guides/img/vk_tracing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/docs/versioned_docs/version-0.5.x/guides/img/vk_tracing.png -------------------------------------------------------------------------------- /docs/versioned_sidebars/version-0.4.x-sidebars.json: -------------------------------------------------------------------------------- 1 | { 2 | "tutorialSidebar": [ 3 | { 4 | "type": "autogenerated", 5 | "dirName": "." 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /docs/versioned_sidebars/version-0.5.x-sidebars.json: -------------------------------------------------------------------------------- 1 | { 2 | "tutorialSidebar": [ 3 | { 4 | "type": "autogenerated", 5 | "dirName": "." 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /docs/versions.json: -------------------------------------------------------------------------------- 1 | [ 2 | "0.5.x", 3 | "0.4.x" 4 | ] 5 | -------------------------------------------------------------------------------- /example/.gitignore: -------------------------------------------------------------------------------- 1 | .venv 2 | -------------------------------------------------------------------------------- /example/debug.sh: -------------------------------------------------------------------------------- 1 | docker run -d --name plugin -p 4000:4000 --privileged -v ./example/plugin-config.yaml:/etc/interlink/InterLinkConfig.yaml -e SHARED_FS=true -e SLURMCONFIGPATH=/etc/interlink/InterLinkConfig.yaml ghcr.io/interlink-hq/interlink-sidecar-slurm/interlink-sidecar-slurm:0.4.0 2 | 3 | docker run -d -p 3000:3000 --name interlink -v ./example/interlink-config.yaml:/etc/interlink/InterLinkConfig.yaml -e INTERLINKCONFIGPATH=/etc/interlink/InterLinkConfig.yaml ghcr.io/interlink-hq/interlink/interlink:0.4.0 4 | 5 | export NODENAME=virtual-kubelet 6 | export KUBELET_PORT=10251 7 | export KUBELET_URL=0.0.0.0 8 | export POD_IP=192.168.5.2 9 | export CONFIGPATH=$PWD/ci/manifests/virtual-kubelet-local.yaml 10 | export KUBECONFIG=~/.kube/config 11 | export KUBELET_URL=0.0.0.0 12 | 13 | dlv debug ./cmd/virtual-kubelet/main.go 14 | -------------------------------------------------------------------------------- /example/interlink-config.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: ConfigMap 3 | # metadata: 4 | # name: "interlink-config" 5 | # namespace: interlink 6 | # data: 7 | # InterLinkConfig.yaml: | 8 | #InterlinkAddress: "unix:///var/run/interlink.socket" 9 | InterlinkAddress: "http://0.0.0.0" 10 | InterlinkPort: "3000" 11 | #sidecarURL: "http://plugin" 12 | SidecarURL: "http://172.17.0.1" 13 | SidecarPort: "4000" 14 | VerboseLogging: true 15 | ErrorsOnlyLogging: false 16 | DataRootFolder: "~/.interlink" 17 | -------------------------------------------------------------------------------- /example/plugin-config.yaml: -------------------------------------------------------------------------------- 1 | InterlinkURL: "http://interlink" 2 | InterlinkPort: "3000" 3 | SidecarURL: "http://0.0.0.0" 4 | SidecarPort: "4000" 5 | VerboseLogging: true 6 | ErrorsOnlyLogging: false 7 | # NEEDED PATH FOR GITHUB ACTIONS 8 | #DataRootFolder: "/home/runner/work/interLink/interLink/.interlink/" 9 | # on your host use something like: 10 | DataRootFolder: "/home/ubuntu/.interlink/" 11 | ExportPodData: true 12 | SbatchPath: "/usr/bin/sbatch" 13 | ScancelPath: "/usr/bin/scancel" 14 | SqueuePath: "/usr/bin/squeue" 15 | CommandPrefix: "" 16 | SingularityPrefix: "" 17 | Namespace: "vk" 18 | Tsocks: false 19 | TsocksPath: "$WORK/tsocks-1.8beta5+ds1/libtsocks.so" 20 | TsocksLoginNode: "login01" 21 | BashPath: /bin/bash 22 | -------------------------------------------------------------------------------- /example/test_pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: interlink-quickstart 5 | namespace: default 6 | spec: 7 | nodeSelector: 8 | kubernetes.io/hostname: virtual-kubelet 9 | automountServiceAccountToken: false 10 | containers: 11 | - args: 12 | - "600" 13 | command: 14 | - sleep 15 | image: "docker://ubuntu" 16 | imagePullPolicy: Always 17 | name: my-container 18 | resources: 19 | limits: 20 | cpu: "1" 21 | memory: 1Gi 22 | requests: 23 | cpu: "1" 24 | memory: 1Gi 25 | tolerations: 26 | - key: virtual-node.interlink/no-schedule 27 | operator: Exists 28 | - effect: NoExecute 29 | key: node.kubernetes.io/not-ready 30 | operator: Exists 31 | tolerationSeconds: 300 32 | - effect: NoExecute 33 | key: node.kubernetes.io/unreachable 34 | operator: Exists 35 | tolerationSeconds: 300 36 | 37 | -------------------------------------------------------------------------------- /example/vk-config.yaml: -------------------------------------------------------------------------------- 1 | InterlinkURL: "http://localhost" 2 | InterlinkPort: "3000" 3 | VerboseLogging: true 4 | ErrorsOnlyLogging: false 5 | ServiceAccount: "virtual-kubelet" 6 | Namespace: interlink 7 | VKTokenFile: "" 8 | Resources: 9 | CPU: "100" 10 | Memory: "128Gi" 11 | Pods: "100" 12 | HTTP: 13 | Insecure: true 14 | KubeletHTTP: 15 | Insecure: true 16 | 17 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/interlink-hq/interlink 2 | 3 | go 1.24.0 4 | 5 | toolchain go1.24.3 6 | 7 | require ( 8 | github.com/containerd/containerd v1.7.6 9 | github.com/google/uuid v1.6.0 10 | github.com/sirupsen/logrus v1.9.3 11 | github.com/spf13/cobra v1.8.1 12 | github.com/stretchr/testify v1.10.0 13 | github.com/swaggest/openapi-go v0.2.57 14 | github.com/virtual-kubelet/virtual-kubelet v1.11.0 15 | go.opentelemetry.io/otel v1.36.0 16 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 17 | go.opentelemetry.io/otel/sdk v1.36.0 18 | go.opentelemetry.io/otel/trace v1.36.0 19 | golang.org/x/crypto v0.38.0 20 | golang.org/x/oauth2 v0.27.0 21 | google.golang.org/grpc v1.72.2 22 | gopkg.in/yaml.v2 v2.4.0 23 | gopkg.in/yaml.v3 v3.0.1 24 | k8s.io/api v0.33.1 25 | k8s.io/apimachinery v0.33.1 26 | k8s.io/client-go v0.33.1 27 | k8s.io/cri-api v0.33.1 28 | k8s.io/cri-client v0.33.1 29 | k8s.io/kubelet v0.31.4 30 | k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 31 | ) 32 | 33 | require ( 34 | github.com/Microsoft/go-winio v0.6.2 // indirect 35 | github.com/beorn7/perks v1.0.1 // indirect 36 | github.com/blang/semver/v4 v4.0.0 // indirect 37 | github.com/cenkalti/backoff/v5 v5.0.2 // indirect 38 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 39 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 40 | github.com/emicklei/go-restful/v3 v3.11.0 // indirect 41 | github.com/fxamacker/cbor/v2 v2.7.0 // indirect 42 | github.com/go-logr/logr v1.4.2 // indirect 43 | github.com/go-logr/stdr v1.2.2 // indirect 44 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 45 | github.com/go-openapi/jsonreference v0.20.2 // indirect 46 | github.com/go-openapi/swag v0.23.0 // indirect 47 | github.com/gogo/protobuf v1.3.2 // indirect 48 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 49 | github.com/google/gnostic-models v0.6.9 // indirect 50 | github.com/google/go-cmp v0.7.0 // indirect 51 | github.com/gorilla/mux v1.8.1 // indirect 52 | github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect 53 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect 54 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 55 | github.com/josharian/intern v1.0.0 // indirect 56 | github.com/json-iterator/go v1.1.12 // indirect 57 | github.com/mailru/easyjson v0.7.7 // indirect 58 | github.com/moby/spdystream v0.5.0 // indirect 59 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 60 | github.com/modern-go/reflect2 v1.0.2 // indirect 61 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 62 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect 63 | github.com/pkg/errors v0.9.1 // indirect 64 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 65 | github.com/prometheus/client_golang v1.22.0 // indirect 66 | github.com/prometheus/client_model v0.6.1 // indirect 67 | github.com/prometheus/common v0.62.0 // indirect 68 | github.com/prometheus/procfs v0.15.1 // indirect 69 | github.com/spf13/pflag v1.0.5 // indirect 70 | github.com/swaggest/jsonschema-go v0.3.73 // indirect 71 | github.com/swaggest/refl v1.3.1 // indirect 72 | github.com/x448/float16 v0.8.4 // indirect 73 | go.opencensus.io v0.24.0 // indirect 74 | go.opentelemetry.io/auto/sdk v1.1.0 // indirect 75 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect 76 | go.opentelemetry.io/otel/metric v1.36.0 // indirect 77 | go.opentelemetry.io/proto/otlp v1.7.0 // indirect 78 | golang.org/x/net v0.40.0 // indirect 79 | golang.org/x/sync v0.14.0 // indirect 80 | golang.org/x/sys v0.33.0 // indirect 81 | golang.org/x/term v0.32.0 // indirect 82 | golang.org/x/text v0.25.0 // indirect 83 | golang.org/x/time v0.9.0 // indirect 84 | google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a // indirect 85 | google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect 86 | google.golang.org/protobuf v1.36.6 // indirect 87 | gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect 88 | gopkg.in/inf.v0 v0.9.1 // indirect 89 | k8s.io/apiserver v0.31.4 // indirect 90 | k8s.io/component-base v0.33.1 // indirect 91 | k8s.io/klog/v2 v2.130.1 // indirect 92 | k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect 93 | sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect 94 | sigs.k8s.io/randfill v1.0.0 // indirect 95 | sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect 96 | sigs.k8s.io/yaml v1.4.0 // indirect 97 | ) 98 | 99 | replace github.com/virtual-kubelet/virtual-kubelet => github.com/superfly/virtual-kubelet v0.0.0-20250426133649-339b787d1205 100 | -------------------------------------------------------------------------------- /pkg/interlink/api/create.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "fmt" 7 | "io" 8 | "net/http" 9 | "text/template" 10 | "time" 11 | 12 | "github.com/containerd/containerd/log" 13 | 14 | types "github.com/interlink-hq/interlink/pkg/interlink" 15 | 16 | "go.opentelemetry.io/otel" 17 | "go.opentelemetry.io/otel/attribute" 18 | trace "go.opentelemetry.io/otel/trace" 19 | ) 20 | 21 | // CreateHandler collects and lls needed ConfigMaps/Secrets/EmptyDirs to ship them to the sidecar, then sends a response to the client 22 | func (h *InterLinkHandler) CreateHandler(w http.ResponseWriter, r *http.Request) { 23 | start := time.Now().UnixMicro() 24 | tracer := otel.Tracer("interlink-API") 25 | _, span := tracer.Start(h.Ctx, "CreateAPI", trace.WithAttributes( 26 | attribute.Int64("start.timestamp", start), 27 | )) 28 | defer span.End() 29 | defer types.SetDurationSpan(start, span) 30 | defer types.SetInfoFromHeaders(span, &r.Header) 31 | 32 | log.G(h.Ctx).Info("InterLink: received Create call") 33 | 34 | var statusCode int 35 | 36 | bodyBytes, err := io.ReadAll(r.Body) 37 | if err != nil { 38 | statusCode = http.StatusInternalServerError 39 | w.WriteHeader(statusCode) 40 | log.G(h.Ctx).Error(err) 41 | return 42 | } 43 | 44 | var req *http.Request // request to forward to sidecar 45 | var pod types.PodCreateRequests // request for interlink 46 | err = json.Unmarshal(bodyBytes, &pod) 47 | if err != nil { 48 | statusCode = http.StatusInternalServerError 49 | log.G(h.Ctx).Error(err) 50 | w.WriteHeader(statusCode) 51 | return 52 | } 53 | 54 | span.SetAttributes( 55 | attribute.String("pod.name", pod.Pod.Name), 56 | attribute.String("pod.namespace", pod.Pod.Namespace), 57 | attribute.String("pod.uid", string(pod.Pod.UID)), 58 | ) 59 | 60 | data, err := getData(h.Ctx, h.Config, pod, span) 61 | if err != nil { 62 | statusCode = http.StatusInternalServerError 63 | log.G(h.Ctx).Error(err) 64 | w.WriteHeader(statusCode) 65 | return 66 | } 67 | 68 | if log.G(h.Ctx).Logger.IsLevelEnabled(log.DebugLevel) { 69 | // For debugging purpose only. 70 | allContainers := pod.Pod.Spec.InitContainers 71 | allContainers = append(allContainers, pod.Pod.Spec.Containers...) 72 | for _, container := range allContainers { 73 | for _, envVar := range container.Env { 74 | log.G(h.Ctx).Debug("InterLink VK environment variable to pod ", pod.Pod.Name, " container: ", container.Name, " env: ", envVar.Name, " value: ", envVar.Value) 75 | } 76 | } 77 | } 78 | 79 | // Here we fill the job.sh template is passed. 80 | switch { 81 | case pod.JobScriptBuilderURL != "": 82 | log.G(h.Ctx).Info("JobScriptBuilderURL: ", pod.JobScriptBuilderURL) 83 | if h.Config.JobScriptBuildConfig == nil { 84 | log.L.Error(fmt.Errorf("JobScript URL requested, but interlink does not have any Script build config set")) 85 | return 86 | } 87 | log.G(h.Ctx).Info("InterLink: asking JobScriptURL for job.sh") 88 | 89 | data.JobScriptBuild = *h.Config.JobScriptBuildConfig 90 | 91 | bodyBytes, err = json.Marshal(data) 92 | if err != nil { 93 | w.WriteHeader(http.StatusInternalServerError) 94 | log.G(h.Ctx).Error(err) 95 | return 96 | } 97 | log.G(h.Ctx).Debug(string(bodyBytes)) 98 | reader := bytes.NewReader(bodyBytes) 99 | req, err = http.NewRequest(http.MethodPost, pod.JobScriptBuilderURL, reader) 100 | if err != nil { 101 | log.L.Error(err) 102 | return 103 | } 104 | 105 | sessionContext := GetSessionContext(r) 106 | 107 | req.Header.Set("Content-Type", "application/json") 108 | bodyBytesResp, err := ReqWithError(h.Ctx, req, w, start, span, false, true, sessionContext, http.DefaultClient) 109 | if err != nil { 110 | log.L.Error(err) 111 | return 112 | } 113 | 114 | data.JobScript = string(bodyBytesResp) 115 | 116 | case h.Config.JobScriptTemplate != "": 117 | 118 | tmp, err := template.ParseFiles(h.Config.JobScriptTemplate) 119 | if err != nil { 120 | statusCode = http.StatusInternalServerError 121 | log.G(h.Ctx).Error(err) 122 | w.WriteHeader(statusCode) 123 | return 124 | } 125 | 126 | var tpl bytes.Buffer 127 | err = tmp.Execute(&tpl, data) 128 | if err != nil { 129 | statusCode = http.StatusInternalServerError 130 | log.G(h.Ctx).Error(err) 131 | w.WriteHeader(statusCode) 132 | return 133 | } 134 | 135 | data.JobScript = tpl.String() 136 | } 137 | 138 | // updated to handle single data 139 | retrievedData := data 140 | 141 | podIP, ok := retrievedData.Pod.Annotations["interlink.eu/pod-ip"] 142 | if ok { 143 | retrievedData.Pod.DeepCopy().Status.PodIP = podIP 144 | } 145 | bodyBytes, err = json.Marshal(retrievedData) 146 | if err != nil { 147 | w.WriteHeader(http.StatusInternalServerError) 148 | log.G(h.Ctx).Error(err) 149 | return 150 | } 151 | log.G(h.Ctx).Debug(string(bodyBytes)) 152 | reader := bytes.NewReader(bodyBytes) 153 | 154 | log.G(h.Ctx).Info(req) 155 | req, err = http.NewRequest(http.MethodPost, h.SidecarEndpoint+"/create", reader) 156 | if err != nil { 157 | statusCode = http.StatusInternalServerError 158 | w.WriteHeader(statusCode) 159 | log.G(h.Ctx).Error(err) 160 | return 161 | } 162 | 163 | log.G(h.Ctx).Info("InterLink: forwarding Create call to sidecar") 164 | 165 | sessionContext := GetSessionContext(r) 166 | _, err = ReqWithError(h.Ctx, req, w, start, span, true, false, sessionContext, h.ClientHTTP) 167 | if err != nil { 168 | log.L.Error(err) 169 | return 170 | } 171 | } 172 | -------------------------------------------------------------------------------- /pkg/interlink/api/delete.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "io" 7 | "net/http" 8 | "time" 9 | 10 | "github.com/containerd/containerd/log" 11 | v1 "k8s.io/api/core/v1" 12 | 13 | types "github.com/interlink-hq/interlink/pkg/interlink" 14 | 15 | "go.opentelemetry.io/otel" 16 | "go.opentelemetry.io/otel/attribute" 17 | trace "go.opentelemetry.io/otel/trace" 18 | ) 19 | 20 | // DeleteHandler deletes the cached status for the provided Pod and forwards the request to the sidecar 21 | func (h *InterLinkHandler) DeleteHandler(w http.ResponseWriter, r *http.Request) { 22 | start := time.Now().UnixMicro() 23 | tracer := otel.Tracer("interlink-API") 24 | _, span := tracer.Start(h.Ctx, "DeleteAPI", trace.WithAttributes( 25 | attribute.Int64("start.timestamp", start), 26 | )) 27 | defer span.End() 28 | defer types.SetDurationSpan(start, span) 29 | defer types.SetInfoFromHeaders(span, &r.Header) 30 | 31 | log.G(h.Ctx).Info("InterLink: received Delete call") 32 | 33 | bodyBytes, err := io.ReadAll(r.Body) 34 | var statusCode int 35 | 36 | if err != nil { 37 | statusCode = http.StatusInternalServerError 38 | w.WriteHeader(statusCode) 39 | log.G(h.Ctx).Fatal(err) 40 | } 41 | 42 | var req *http.Request 43 | var pod *v1.Pod 44 | reader := bytes.NewReader(bodyBytes) 45 | err = json.Unmarshal(bodyBytes, &pod) 46 | if err != nil { 47 | statusCode = http.StatusInternalServerError 48 | w.WriteHeader(statusCode) 49 | log.G(h.Ctx).Fatal(err) 50 | } 51 | 52 | span.SetAttributes( 53 | attribute.String("pod.name", pod.Name), 54 | attribute.String("pod.namespace", pod.Namespace), 55 | attribute.String("pod.uid", string(pod.UID)), 56 | ) 57 | 58 | deleteCachedStatus(string(pod.UID)) 59 | req, err = http.NewRequest(http.MethodPost, h.SidecarEndpoint+"/delete", reader) 60 | if err != nil { 61 | statusCode = http.StatusInternalServerError 62 | w.WriteHeader(statusCode) 63 | log.G(h.Ctx).Error(err) 64 | return 65 | } 66 | 67 | req.Header.Set("Content-Type", "application/json") 68 | log.G(h.Ctx).Info("InterLink: forwarding Delete call to sidecar") 69 | sessionContext := GetSessionContext(r) 70 | _, err = ReqWithError(h.Ctx, req, w, start, span, true, false, sessionContext, h.ClientHTTP) 71 | if err != nil { 72 | log.L.Error(err) 73 | return 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /pkg/interlink/api/logs.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "errors" 7 | "io" 8 | "net/http" 9 | "time" 10 | 11 | "github.com/containerd/containerd/log" 12 | 13 | types "github.com/interlink-hq/interlink/pkg/interlink" 14 | 15 | "go.opentelemetry.io/otel" 16 | "go.opentelemetry.io/otel/attribute" 17 | trace "go.opentelemetry.io/otel/trace" 18 | ) 19 | 20 | func (h *InterLinkHandler) GetLogsHandler(w http.ResponseWriter, r *http.Request) { 21 | start := time.Now().UnixMicro() 22 | tracer := otel.Tracer("interlink-API") 23 | _, span := tracer.Start(h.Ctx, "GetLogsAPI", trace.WithAttributes( 24 | attribute.Int64("start.timestamp", start), 25 | )) 26 | defer span.End() 27 | defer types.SetDurationSpan(start, span) 28 | defer types.SetInfoFromHeaders(span, &r.Header) 29 | 30 | sessionContext := GetSessionContext(r) 31 | sessionContextMessage := GetSessionContextMessage(sessionContext) 32 | 33 | var statusCode int 34 | log.G(h.Ctx).Info(sessionContextMessage, "InterLink: received GetLogs call") 35 | bodyBytes, err := io.ReadAll(r.Body) 36 | if err != nil { 37 | log.G(h.Ctx).Fatal(sessionContextMessage, err) 38 | } 39 | 40 | log.G(h.Ctx).Info(sessionContextMessage, "InterLink: unmarshal GetLogs request") 41 | var req2 types.LogStruct // incoming request. To be used in interlink API. req is directly forwarded to sidecar 42 | err = json.Unmarshal(bodyBytes, &req2) 43 | if err != nil { 44 | statusCode = http.StatusInternalServerError 45 | w.WriteHeader(statusCode) 46 | log.G(h.Ctx).Error(sessionContextMessage, err) 47 | return 48 | } 49 | 50 | span.SetAttributes( 51 | attribute.String("pod.name", req2.PodName), 52 | attribute.String("pod.namespace", req2.Namespace), 53 | attribute.Int("opts.limitbytes", req2.Opts.LimitBytes), 54 | attribute.Int("opts.since", req2.Opts.SinceSeconds), 55 | attribute.Int64("opts.sincetime", req2.Opts.SinceTime.UnixMicro()), 56 | attribute.Int("opts.tail", req2.Opts.Tail), 57 | attribute.Bool("opts.follow", req2.Opts.Follow), 58 | attribute.Bool("opts.previous", req2.Opts.Previous), 59 | attribute.Bool("opts.timestamps", req2.Opts.Timestamps), 60 | ) 61 | 62 | log.G(h.Ctx).Info(sessionContextMessage, "InterLink: new GetLogs podUID: now ", req2.PodUID) 63 | if (req2.Opts.Tail != 0 && req2.Opts.LimitBytes != 0) || (req2.Opts.SinceSeconds != 0 && !req2.Opts.SinceTime.IsZero()) { 64 | statusCode = http.StatusInternalServerError 65 | w.WriteHeader(statusCode) 66 | 67 | if req2.Opts.Tail != 0 && req2.Opts.LimitBytes != 0 { 68 | _, err = w.Write([]byte("Both Tail and LimitBytes set. Set only one of them")) 69 | if err != nil { 70 | log.G(h.Ctx).Error(errors.New(sessionContextMessage + "Failed to write to http buffer")) 71 | } 72 | return 73 | } 74 | 75 | _, err = w.Write([]byte("Both SinceSeconds and SinceTime set. Set only one of them")) 76 | if err != nil { 77 | log.G(h.Ctx).Error(errors.New(sessionContextMessage + "Failed to write to http buffer")) 78 | } 79 | 80 | } 81 | 82 | log.G(h.Ctx).Info(sessionContextMessage, "InterLink: marshal GetLogs request ") 83 | 84 | bodyBytes, err = json.Marshal(req2) 85 | if err != nil { 86 | statusCode = http.StatusInternalServerError 87 | w.WriteHeader(statusCode) 88 | log.G(h.Ctx).Error(err) 89 | return 90 | } 91 | reader := bytes.NewReader(bodyBytes) 92 | log.G(h.Ctx).Info("Sending log request to: ", h.SidecarEndpoint) 93 | req, err := http.NewRequest(http.MethodGet, h.SidecarEndpoint+"/getLogs", reader) 94 | if err != nil { 95 | log.G(h.Ctx).Fatal(err) 96 | } 97 | 98 | req.Header.Set("Content-Type", "application/json") 99 | 100 | // logTransport := http.DefaultTransport.(*http.Transport).Clone() 101 | // // logTransport.DisableKeepAlives = true 102 | // // logTransport.MaxIdleConnsPerHost = -1 103 | // var logHTTPClient = &http.Client{Transport: logTransport} 104 | 105 | log.G(h.Ctx).Info(sessionContextMessage, "InterLink: forwarding GetLogs call to sidecar") 106 | _, err = ReqWithError(h.Ctx, req, w, start, span, true, false, sessionContext, h.ClientHTTP) 107 | if err != nil { 108 | log.L.Error(sessionContextMessage, err) 109 | return 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /pkg/interlink/api/ping.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "errors" 7 | "net/http" 8 | "strconv" 9 | "time" 10 | 11 | "github.com/containerd/containerd/log" 12 | v1 "k8s.io/api/core/v1" 13 | 14 | types "github.com/interlink-hq/interlink/pkg/interlink" 15 | 16 | "go.opentelemetry.io/otel" 17 | "go.opentelemetry.io/otel/attribute" 18 | trace "go.opentelemetry.io/otel/trace" 19 | ) 20 | 21 | // Ping is just a very basic Ping function 22 | func (h *InterLinkHandler) Ping(w http.ResponseWriter, r *http.Request) { 23 | start := time.Now().UnixMicro() 24 | tracer := otel.Tracer("interlink-API") 25 | _, span := tracer.Start(h.Ctx, "PingAPI", trace.WithAttributes( 26 | attribute.Int64("start.timestamp", start), 27 | )) 28 | defer span.End() 29 | defer types.SetDurationSpan(start, span) 30 | defer types.SetInfoFromHeaders(span, &r.Header) 31 | 32 | log.G(h.Ctx).Info("InterLink: received Ping call") 33 | 34 | podsToBeChecked := []*v1.Pod{} 35 | bodyBytes, err := json.Marshal(podsToBeChecked) 36 | if err != nil { 37 | log.G(h.Ctx).Error(err) 38 | } 39 | 40 | reader := bytes.NewReader(bodyBytes) 41 | req, err := http.NewRequest(http.MethodGet, h.SidecarEndpoint+"/status", reader) 42 | if err != nil { 43 | log.G(h.Ctx).Error(err) 44 | } 45 | 46 | log.G(h.Ctx).Info("InterLink: forwarding GetStatus call to sidecar") 47 | req.Header.Set("Content-Type", "application/json") 48 | log.G(h.Ctx).Debug(req) 49 | 50 | // ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 51 | // defer cancel() 52 | // respPlugin, err := http.DefaultClient.Do(req) 53 | // respPlugin, err := DoReq(req.WithContext(ctx)) 54 | sessionContext := GetSessionContext(req) 55 | _, err = ReqWithError(h.Ctx, req, w, start, span, true, false, sessionContext, h.ClientHTTP) 56 | if err != nil { 57 | log.G(h.Ctx).Error(err) 58 | w.WriteHeader(http.StatusServiceUnavailable) 59 | _, err = w.Write([]byte(strconv.Itoa(http.StatusServiceUnavailable))) 60 | if err != nil { 61 | log.G(h.Ctx).Error(errors.New("failed to write to http buffer")) 62 | } 63 | return 64 | } 65 | // defer respPlugin.Body.Close() 66 | // 67 | // if respPlugin.StatusCode != http.StatusOK { 68 | // log.G(h.Ctx).Error("error pinging plugin") 69 | // w.WriteHeader(respPlugin.StatusCode) 70 | // _, err = w.Write([]byte(strconv.Itoa(http.StatusServiceUnavailable))) 71 | // if err != nil { 72 | // log.G(h.Ctx).Error(errors.New("Failed to write to http buffer")) 73 | // } 74 | // 75 | // return 76 | // } 77 | // 78 | // types.SetDurationSpan(start, span, types.WithHTTPReturnCode(respPlugin.StatusCode)) 79 | // 80 | // w.WriteHeader(http.StatusOK) 81 | // _, err = w.Write([]byte("0")) 82 | // if err != nil { 83 | // log.G(h.Ctx).Error(errors.New("Failed to write to http buffer")) 84 | // } 85 | } 86 | -------------------------------------------------------------------------------- /pkg/interlink/api/status.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "errors" 7 | "fmt" 8 | "io" 9 | "net/http" 10 | "time" 11 | 12 | "github.com/containerd/containerd/log" 13 | v1 "k8s.io/api/core/v1" 14 | 15 | types "github.com/interlink-hq/interlink/pkg/interlink" 16 | 17 | "go.opentelemetry.io/otel" 18 | "go.opentelemetry.io/otel/attribute" 19 | trace "go.opentelemetry.io/otel/trace" 20 | ) 21 | 22 | func (h *InterLinkHandler) StatusHandler(w http.ResponseWriter, r *http.Request) { 23 | start := time.Now().UnixMicro() 24 | tracer := otel.Tracer("interlink-API") 25 | _, span := tracer.Start(h.Ctx, "StatusAPI", trace.WithAttributes( 26 | attribute.Int64("start.timestamp", start), 27 | )) 28 | defer span.End() 29 | defer types.SetDurationSpan(start, span) 30 | defer types.SetInfoFromHeaders(span, &r.Header) 31 | statusCode := http.StatusOK 32 | var pods []*v1.Pod 33 | log.G(h.Ctx).Info("InterLink: received GetStatus call") 34 | 35 | bodyBytes, err := io.ReadAll(r.Body) 36 | if err != nil { 37 | log.G(h.Ctx).Fatal(err) 38 | } 39 | 40 | err = json.Unmarshal(bodyBytes, &pods) 41 | if err != nil { 42 | errWithContext := fmt.Errorf("error doing fisrt Unmarshal() in StatusHandler() error detail: %s error: %w", fmt.Sprintf("%#v", err), err) 43 | log.G(h.Ctx).Error(errWithContext) 44 | } 45 | 46 | span.SetAttributes( 47 | attribute.Int("pods.count", len(pods)), 48 | ) 49 | 50 | var podsToBeChecked []*v1.Pod 51 | var returnedStatuses []types.PodStatus // returned from the query to the sidecar 52 | var returnPods []types.PodStatus // returned to the vk 53 | 54 | PodStatuses.mu.Lock() 55 | for _, pod := range pods { 56 | cached := checkIfCached(string(pod.UID)) 57 | if pod.Status.Phase == v1.PodRunning || pod.Status.Phase == v1.PodPending || !cached { 58 | podsToBeChecked = append(podsToBeChecked, pod) 59 | } 60 | span.AddEvent("Pod "+pod.Name+" is cached", trace.WithAttributes( 61 | attribute.String("pod.name", pod.Name), 62 | attribute.String("pod.namespace", pod.Namespace), 63 | attribute.String("pod.uid", string(pod.UID)), 64 | attribute.String("pod.phase", string(pod.Status.Phase)), 65 | )) 66 | } 67 | PodStatuses.mu.Unlock() 68 | 69 | if len(podsToBeChecked) > 0 { 70 | 71 | bodyBytes, err = json.Marshal(podsToBeChecked) 72 | if err != nil { 73 | log.G(h.Ctx).Fatal(err) 74 | } 75 | 76 | reader := bytes.NewReader(bodyBytes) 77 | req, err := http.NewRequest(http.MethodGet, h.SidecarEndpoint+"/status", reader) 78 | if err != nil { 79 | log.G(h.Ctx).Fatal(err) 80 | } 81 | 82 | log.G(h.Ctx).Info("InterLink: forwarding GetStatus call to sidecar") 83 | req.Header.Set("Content-Type", "application/json") 84 | 85 | sessionContext := GetSessionContext(r) 86 | bodyBytes, err = ReqWithError(h.Ctx, req, w, start, span, false, true, sessionContext, h.ClientHTTP) 87 | if err != nil { 88 | log.L.Error(err) 89 | return 90 | } 91 | 92 | err = json.Unmarshal(bodyBytes, &returnedStatuses) 93 | if err != nil { 94 | statusCode = http.StatusInternalServerError 95 | w.WriteHeader(statusCode) 96 | errWithContext := fmt.Errorf("error doing Unmarshal() in StatusHandler() of req %s error detail: %s error: %w", fmt.Sprintf("%#v", req), fmt.Sprintf("%#v", err), err) 97 | log.G(h.Ctx).Error(errWithContext) 98 | return 99 | } 100 | 101 | updateStatuses(returnedStatuses) 102 | types.SetDurationSpan(start, span, types.WithHTTPReturnCode(statusCode)) 103 | 104 | } 105 | 106 | if len(pods) > 0 { 107 | for _, pod := range pods { 108 | PodStatuses.mu.Lock() 109 | for _, cached := range PodStatuses.Statuses { 110 | if cached.PodUID == string(pod.UID) { 111 | returnPods = append(returnPods, cached) 112 | break 113 | } 114 | } 115 | PodStatuses.mu.Unlock() 116 | } 117 | } else { 118 | for _, pod := range PodStatuses.Statuses { 119 | returnPods = append(returnPods, pod) 120 | } 121 | } 122 | 123 | returnValue, err := json.Marshal(returnPods) 124 | if err != nil { 125 | statusCode = http.StatusInternalServerError 126 | w.WriteHeader(statusCode) 127 | log.G(h.Ctx).Error(err) 128 | return 129 | } 130 | 131 | w.WriteHeader(statusCode) 132 | _, err = w.Write(returnValue) 133 | if err != nil { 134 | log.G(h.Ctx).Error(errors.New("failed to write to http buffer")) 135 | } 136 | } 137 | -------------------------------------------------------------------------------- /pkg/interlink/api/update.go: -------------------------------------------------------------------------------- 1 | package api 2 | -------------------------------------------------------------------------------- /pkg/interlink/api/updateCache.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | import ( 4 | "errors" 5 | "io" 6 | "net/http" 7 | 8 | "github.com/containerd/containerd/log" 9 | ) 10 | 11 | // UpdateCacheHandler is responsible for deleting not-available-anymore Pods on the Virtual Kubelet from the InterLink caching structure 12 | func (h *InterLinkHandler) UpdateCacheHandler(w http.ResponseWriter, r *http.Request) { 13 | log.G(h.Ctx).Info("InterLink: received UpdateCache call") 14 | 15 | bodyBytes, err := io.ReadAll(r.Body) 16 | statusCode := http.StatusOK 17 | if err != nil { 18 | statusCode = http.StatusInternalServerError 19 | log.G(h.Ctx).Fatal(err) 20 | } 21 | 22 | deleteCachedStatus(string(bodyBytes)) 23 | 24 | w.WriteHeader(statusCode) 25 | _, err = w.Write([]byte("Updated cache")) 26 | if err != nil { 27 | log.G(h.Ctx).Error(errors.New("failed to write to http buffer")) 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /pkg/interlink/cri/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2016 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package cri 18 | 19 | import ( 20 | "fmt" 21 | 22 | runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" 23 | ) 24 | 25 | // BuildContainerName creates a unique container name string. 26 | func BuildContainerName(metadata *runtimeapi.ContainerMetadata, sandboxID string) string { 27 | // include the sandbox ID to make the container ID unique. 28 | return fmt.Sprintf("%s_%s_%d", sandboxID, metadata.Name, metadata.Attempt) 29 | } 30 | 31 | // BuildSandboxName creates a unique sandbox name string. 32 | func BuildSandboxName(metadata *runtimeapi.PodSandboxMetadata) string { 33 | return fmt.Sprintf("%s_%s_%s_%d", metadata.Name, metadata.Namespace, metadata.Uid, metadata.Attempt) 34 | } 35 | 36 | func filterInLabels(filter, labels map[string]string) bool { 37 | for k, v := range filter { 38 | if value, ok := labels[k]; ok { 39 | if value != v { 40 | return false 41 | } 42 | } else { 43 | return false 44 | } 45 | } 46 | 47 | return true 48 | } 49 | -------------------------------------------------------------------------------- /pkg/interlink/spans.go: -------------------------------------------------------------------------------- 1 | package interlink 2 | 3 | import ( 4 | "net/http" 5 | "time" 6 | 7 | "go.opentelemetry.io/otel/attribute" 8 | trace "go.opentelemetry.io/otel/trace" 9 | ) 10 | 11 | func WithHTTPReturnCode(code int) SpanOption { 12 | return func(cfg *SpanConfig) { 13 | cfg.HTTPReturnCode = code 14 | cfg.SetHTTPCode = true 15 | } 16 | } 17 | 18 | func SetDurationSpan(startTime int64, span trace.Span, opts ...SpanOption) { 19 | endTime := time.Now().UnixMicro() 20 | config := &SpanConfig{} 21 | 22 | for _, opt := range opts { 23 | opt(config) 24 | } 25 | 26 | duration := endTime - startTime 27 | span.SetAttributes(attribute.Int64("end.timestamp", endTime), 28 | attribute.Int64("duration", duration)) 29 | 30 | if config.SetHTTPCode { 31 | span.SetAttributes(attribute.Int("exit.code", config.HTTPReturnCode)) 32 | } 33 | } 34 | 35 | func SetInfoFromHeaders(span trace.Span, h *http.Header) { 36 | var xForwardedEmail, xForwardedUser string 37 | if xForwardedEmail = h.Get("X-Forwarded-Email"); xForwardedEmail == "" { 38 | xForwardedEmail = "unknown" 39 | } 40 | if xForwardedUser = h.Get("X-Forwarded-User"); xForwardedUser == "" { 41 | xForwardedUser = "unknown" 42 | } 43 | span.SetAttributes( 44 | attribute.String("X-Forwarded-Email", xForwardedEmail), 45 | attribute.String("X-Forwarded-User", xForwardedUser), 46 | ) 47 | } 48 | -------------------------------------------------------------------------------- /pkg/interlink/types.go: -------------------------------------------------------------------------------- 1 | package interlink 2 | 3 | import ( 4 | "time" 5 | 6 | v1 "k8s.io/api/core/v1" 7 | ) 8 | 9 | // PodCreateRequests is a struct holding data for a create request. Retrieved ConfigMaps and Secrets are held along the Pod description itself. 10 | type PodCreateRequests struct { 11 | Pod v1.Pod `json:"pod"` 12 | ConfigMaps []v1.ConfigMap `json:"configmaps"` 13 | Secrets []v1.Secret `json:"secrets"` 14 | // The projected volumes are those created by ServiceAccounts (in K8S >= 1.24). They are automatically added in the pod from kubelet code. 15 | // Here the configmap will hold the files name (as key) and content (as value). 16 | ProjectedVolumeMaps []v1.ConfigMap `json:"projectedvolumesmaps"` 17 | // If a JobScriptBuilderURL is passed, vk is asking interLink to contact an endpoint for preparing the job.sh to be offloaded 18 | JobScriptBuilderURL string `json:"jobscriptURL"` 19 | } 20 | 21 | // PodStatus is a simplified v1.Pod struct, holding only necessary variables to uniquely identify a job/service in the sidecar. It is used to request 22 | type PodStatus struct { 23 | PodName string `json:"name"` 24 | PodUID string `json:"UID"` 25 | PodNamespace string `json:"namespace"` 26 | JobID string `json:"JID"` 27 | Containers []v1.ContainerStatus `json:"containers"` 28 | InitContainers []v1.ContainerStatus `json:"initContainers"` 29 | } 30 | 31 | // CreateStruct is the response to be received from interLink whenever asked to create a pod. It will allow for mapping remote ID with the pod UUID 32 | type CreateStruct struct { 33 | PodUID string `json:"PodUID"` 34 | PodJID string `json:"PodJID"` 35 | } 36 | 37 | // RetrievedContainer is used in InterLink to rearrange data structure in a suitable way for the sidecar 38 | type RetrievedContainer struct { 39 | Name string `json:"name"` 40 | ConfigMaps []v1.ConfigMap `json:"configMaps"` 41 | ProjectedVolumeMaps []v1.ConfigMap `json:"projectedvolumemaps"` 42 | Secrets []v1.Secret `json:"secrets"` 43 | // Deprecated: EmptyDirs should be built on plugin side. 44 | // Currently, it holds the DATA_ROOT_DIR/emptydirs/volumeName, but this should be a plugin choice instead, 45 | // like it currently is for ConfigMaps, ProjectedVolumeMaps, Secrets. 46 | EmptyDirs []string `json:"emptyDirs"` 47 | } 48 | 49 | // RetrievedPoData is used in InterLink to rearrange data structure in a suitable way for the sidecar 50 | type RetrievedPodData struct { 51 | Pod v1.Pod `json:"pod"` 52 | Containers []RetrievedContainer `json:"container"` 53 | JobScriptBuild ScriptBuildConfig `json:"jobConfig,omitempty"` 54 | JobScript string `json:"jobScript,omitempty"` 55 | } 56 | 57 | // ContainerLogOpts is a struct in which it is possible to specify options to retrieve logs from the sidecar 58 | type ContainerLogOpts struct { 59 | Tail int `json:"Tail"` 60 | LimitBytes int `json:"Bytes"` 61 | Timestamps bool `json:"Timestamps"` 62 | Follow bool `json:"Follow"` 63 | Previous bool `json:"Previous"` 64 | SinceSeconds int `json:"SinceSeconds"` 65 | SinceTime time.Time `json:"SinceTime"` 66 | } 67 | 68 | // LogStruct is needed to identify the job/container running on the sidecar to retrieve the logs from. Using ContainerLogOpts struct allows to specify more options on how to collect logs 69 | type LogStruct struct { 70 | Namespace string `json:"Namespace"` 71 | PodUID string `json:"PodUID"` 72 | PodName string `json:"PodName"` 73 | ContainerName string `json:"ContainerName"` 74 | Opts ContainerLogOpts `json:"Opts"` 75 | } 76 | 77 | type SpanConfig struct { 78 | HTTPReturnCode int 79 | SetHTTPCode bool 80 | } 81 | 82 | type SpanOption func(*SpanConfig) 83 | -------------------------------------------------------------------------------- /pkg/virtualkubelet/cert-retriever.go: -------------------------------------------------------------------------------- 1 | package virtualkubelet 2 | 3 | import ( 4 | "crypto/ed25519" 5 | cryptorand "crypto/rand" 6 | "crypto/tls" 7 | "crypto/x509" 8 | "crypto/x509/pkix" 9 | "encoding/pem" 10 | "fmt" 11 | "math/big" 12 | "math/rand" 13 | "net" 14 | "time" 15 | 16 | certificates "k8s.io/api/certificates/v1" 17 | "k8s.io/client-go/kubernetes" 18 | "k8s.io/client-go/util/certificate" 19 | // k8s.io/kubernetes/pkg/apis/certificates" 20 | ) 21 | 22 | type Crtretriever func(*tls.ClientHelloInfo) (*tls.Certificate, error) 23 | 24 | // NewCertificateManager creates a certificate manager for the kubelet when retrieving a server certificate, or returns an error. 25 | // This function is inspired by Liqo implementation: 26 | // https://github.com/liqotech/liqo/blob/master/cmd/virtual-kubelet/root/http.go#L149 27 | func NewCertificateRetriever(kubeClient kubernetes.Interface, signer, nodeName string, nodeIP net.IP) (Crtretriever, error) { 28 | const ( 29 | vkCertsPath = "/tmp/certs" 30 | vkCertsPrefix = "virtual-kubelet" 31 | ) 32 | 33 | certificateStore, err := certificate.NewFileStore(vkCertsPrefix, vkCertsPath, vkCertsPath, "", "") 34 | if err != nil { 35 | return nil, fmt.Errorf("failed to initialize server certificate store: %w", err) 36 | } 37 | 38 | getTemplate := func() *x509.CertificateRequest { 39 | return &x509.CertificateRequest{ 40 | Subject: pkix.Name{ 41 | CommonName: fmt.Sprintf("system:node:%s", nodeName), 42 | Organization: []string{"system:nodes"}, 43 | }, 44 | IPAddresses: []net.IP{nodeIP}, 45 | } 46 | } 47 | 48 | mgr, err := certificate.NewManager(&certificate.Config{ 49 | ClientsetFn: func(_ *tls.Certificate) (kubernetes.Interface, error) { 50 | return kubeClient, nil 51 | }, 52 | GetTemplate: getTemplate, 53 | SignerName: signer, 54 | Usages: []certificates.KeyUsage{ 55 | // https://tools.ietf.org/html/rfc5280#section-4.2.1.3 56 | // 57 | // Digital signature allows the certificate to be used to verify 58 | // digital signatures used during TLS negotiation. 59 | certificates.UsageDigitalSignature, 60 | // KeyEncipherment allows the cert/key pair to be used to encrypt 61 | // keys, including the symmetric keys negotiated during TLS setup 62 | // and used for data transfer. 63 | certificates.UsageKeyEncipherment, 64 | // ServerAuth allows the cert to be used by a TLS server to 65 | // authenticate itself to a TLS client. 66 | certificates.UsageServerAuth, 67 | }, 68 | CertificateStore: certificateStore, 69 | }) 70 | if err != nil { 71 | return nil, fmt.Errorf("failed to initialize server certificate manager: %w", err) 72 | } 73 | 74 | mgr.Start() 75 | 76 | return func(*tls.ClientHelloInfo) (*tls.Certificate, error) { 77 | cert := mgr.Current() 78 | if cert == nil { 79 | return nil, fmt.Errorf("no serving certificate available") 80 | } 81 | return cert, nil 82 | }, nil 83 | } 84 | 85 | // newSelfSignedCertificateRetriever creates a new retriever for self-signed certificates. 86 | func NewSelfSignedCertificateRetriever(nodeName string, nodeIP net.IP) Crtretriever { 87 | 88 | creator := func() (*tls.Certificate, time.Time, error) { 89 | expiration := time.Now().AddDate(1, 0, 0) // 1 year 90 | 91 | // Generate a new private key. 92 | publicKey, privateKey, err := ed25519.GenerateKey(cryptorand.Reader) 93 | if err != nil { 94 | return nil, expiration, fmt.Errorf("failed to generate a key pair: %w", err) 95 | } 96 | 97 | keyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) 98 | if err != nil { 99 | return nil, expiration, fmt.Errorf("failed to marshal the private key: %w", err) 100 | } 101 | 102 | // Generate the corresponding certificate. 103 | cert := &x509.Certificate{ 104 | Subject: pkix.Name{ 105 | CommonName: fmt.Sprintf("system:node:%s", nodeName), 106 | Organization: []string{"intertwin.eu"}, 107 | }, 108 | IPAddresses: []net.IP{nodeIP}, 109 | SerialNumber: big.NewInt(rand.Int63()), //nolint:gosec // A weak random generator is sufficient. 110 | NotBefore: time.Now(), 111 | NotAfter: expiration, 112 | KeyUsage: x509.KeyUsageDigitalSignature, 113 | ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 114 | } 115 | 116 | certBytes, err := x509.CreateCertificate(cryptorand.Reader, cert, cert, publicKey, privateKey) 117 | if err != nil { 118 | return nil, expiration, fmt.Errorf("failed to create the self-signed certificate: %w", err) 119 | } 120 | 121 | // Encode the resulting certificate and private key as a single object. 122 | output, err := tls.X509KeyPair( 123 | pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certBytes}), 124 | pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyBytes})) 125 | if err != nil { 126 | return nil, expiration, fmt.Errorf("failed to create the X509 key pair: %w", err) 127 | } 128 | 129 | return &output, expiration, nil 130 | } 131 | 132 | // Cache the last generated cert, until it is not expired. 133 | var cert *tls.Certificate 134 | var expiration time.Time 135 | return func(*tls.ClientHelloInfo) (*tls.Certificate, error) { 136 | if cert == nil || expiration.Before(time.Now().AddDate(0, 0, 1)) { 137 | var err error 138 | cert, expiration, err = creator() 139 | if err != nil { 140 | return nil, err 141 | } 142 | } 143 | return cert, nil 144 | } 145 | } 146 | -------------------------------------------------------------------------------- /pkg/virtualkubelet/config.go: -------------------------------------------------------------------------------- 1 | package virtualkubelet 2 | 3 | // Config holds the whole configuration 4 | type Config struct { 5 | InterlinkURL string `yaml:"InterlinkURL"` 6 | InterlinkPort string `yaml:"InterlinkPort"` 7 | KubernetesAPIAddr string `yaml:"KubernetesApiAddr"` 8 | KubernetesAPIPort string `yaml:"KubernetesApiPort"` 9 | KubernetesAPICaCrt string `yaml:"KubernetesApiCaCrt"` 10 | DisableProjectedVolumes bool `yaml:"DisableProjectedVolumes"` 11 | JobScriptBuilderURL string `yaml:"JobScriptBuilderURL,omitempty"` 12 | VKConfigPath string `yaml:"VKConfigPath"` 13 | VKTokenFile string `yaml:"VKTokenFile"` 14 | ServiceAccount string `yaml:"ServiceAccount"` 15 | Namespace string `yaml:"Namespace"` 16 | PodIP string `yaml:"PodIP"` 17 | PodCIDR PodCIDR `yaml:"PodCIDR"` 18 | VerboseLogging bool `yaml:"VerboseLogging"` 19 | ErrorsOnlyLogging bool `yaml:"ErrorsOnlyLogging"` 20 | HTTP HTTP `yaml:"HTTP"` 21 | KubeletHTTP HTTP `yaml:"KubeletHTTP"` 22 | Resources Resources `yaml:"Resources"` 23 | NodeLabels []string `yaml:"NodeLabels"` 24 | NodeTaints []TaintSpec `yaml:"NodeTaints"` 25 | TLS TLSConfig `yaml:"TLS,omitempty"` 26 | Network Network `yaml:"Network,omitempty"` 27 | } 28 | 29 | // TLSConfig holds TLS/mTLS configuration for secure communication with interLink API 30 | type TLSConfig struct { 31 | Enabled bool `yaml:"Enabled"` 32 | CertFile string `yaml:"CertFile,omitempty"` 33 | KeyFile string `yaml:"KeyFile,omitempty"` 34 | CACertFile string `yaml:"CACertFile,omitempty"` 35 | } 36 | 37 | type HTTP struct { 38 | Insecure bool `yaml:"Insecure"` 39 | CaCert string `yaml:"CaCert"` 40 | } 41 | 42 | type Resources struct { 43 | CPU string `yaml:"CPU,omitempty"` 44 | Memory string `yaml:"Memory,omitempty"` 45 | Pods string `yaml:"Pods,omitempty"` 46 | Accelerators []Accelerator `yaml:"Accelerators"` 47 | } 48 | 49 | type Accelerator struct { 50 | ResourceType string `yaml:"ResourceType"` 51 | Model string `yaml:"Model"` 52 | Available int `yaml:"Available"` 53 | } 54 | 55 | type TaintSpec struct { 56 | Key string `yaml:"Key"` 57 | Value string `yaml:"Value"` 58 | Effect string `yaml:"Effect"` 59 | } 60 | 61 | type PodCIDR struct { 62 | Subnet string `yaml:"Subnet"` 63 | MaxIP int `yaml:"MaxIP"` 64 | MinIP int `yaml:"MinIP"` 65 | } 66 | 67 | type Network struct { 68 | EnableTunnel bool `yaml:"EnableTunnel" default:"false"` 69 | WildcardDNS string `yaml:"WildcardDNS,omitempty"` 70 | WstunnelTemplatePath string `yaml:"WstunnelTemplatePath,omitempty"` 71 | } 72 | -------------------------------------------------------------------------------- /pkg/virtualkubelet/templates/wstunnel-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{.Name}} 5 | namespace: {{.Namespace}} 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/component: {{.Name}} 11 | template: 12 | metadata: 13 | labels: 14 | app.kubernetes.io/component: {{.Name}} 15 | spec: 16 | containers: 17 | - args: 18 | - ./wstunnel server --log-lvl DEBUG --dns-resolver-prefer-ipv4 --restrict-http-upgrade-path-prefix {{.RandomPassword}} ws://0.0.0.0:8080 19 | command: 20 | - bash 21 | - -c 22 | image: ghcr.io/dciangot/dciangot/wg:v0.2 23 | imagePullPolicy: IfNotPresent 24 | name: wireguard 25 | ports: 26 | - containerPort: 8080 27 | name: webhook 28 | protocol: TCP 29 | - containerPort: 51820 30 | name: vpn 31 | protocol: UDP 32 | {{- range .ExposedPorts}} 33 | - containerPort: {{.Port}} 34 | name: {{.Name}} 35 | protocol: {{.Protocol}} 36 | {{- end}} 37 | resources: 38 | requests: 39 | cpu: 100m 40 | memory: 90Mi 41 | nodeSelector: 42 | kubernetes.io/os: linux 43 | --- 44 | apiVersion: v1 45 | kind: Service 46 | metadata: 47 | name: {{.Name}} 48 | namespace: {{.Namespace}} 49 | spec: 50 | type: ClusterIP 51 | selector: 52 | app.kubernetes.io/component: {{.Name}} 53 | ports: 54 | - port: 8080 55 | targetPort: 8080 56 | name: ws 57 | {{- range .ExposedPorts}} 58 | - port: {{.Port}} 59 | targetPort: {{.TargetPort}} 60 | name: {{.Name}} 61 | {{- if .Protocol}} 62 | protocol: {{.Protocol}} 63 | {{- end}} 64 | {{- end}} 65 | --- 66 | apiVersion: networking.k8s.io/v1 67 | kind: Ingress 68 | metadata: 69 | name: {{.Name}} 70 | namespace: {{.Namespace}} 71 | annotations: 72 | nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" 73 | nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" 74 | nginx.ingress.kubernetes.io/server-snippets: | 75 | location / { 76 | proxy_set_header Upgrade $http_upgrade; 77 | proxy_set_header Connection "upgrade"; 78 | proxy_http_version 1.1; 79 | proxy_set_header X-Forwarded-For $remote_addr; 80 | proxy_set_header Host $host; 81 | proxy_cache_bypass $http_upgrade; 82 | } 83 | kubernetes.io/ingress.class: "nginx" 84 | spec: 85 | rules: 86 | - host: ws-{{.Name}}.{{.WildcardDNS}} 87 | http: 88 | paths: 89 | - path: / 90 | pathType: Prefix 91 | backend: 92 | service: 93 | name: {{.Name}} 94 | port: 95 | number: 8080 -------------------------------------------------------------------------------- /pkg/virtualkubelet/version.go: -------------------------------------------------------------------------------- 1 | package virtualkubelet 2 | 3 | var ( 4 | KubeletVersion = "test" 5 | ) 6 | -------------------------------------------------------------------------------- /systemd/user/.slurm-plugin.service.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/interlink-hq/interLink/bcd8b82419750774d1dcf31b9756249782b2ebda/systemd/user/.slurm-plugin.service.swp -------------------------------------------------------------------------------- /systemd/user/interlink.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This Unit is needed to automatically start the interLink API at system startup 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | Restart=always 8 | RestartSec=3 9 | 10 | ExecStart=/home/USERNAME/.interlink/bin/interlink 11 | Environment="INTERLINKCONFIGPATH=/home/USERNAME/.interlink/config/InterLinkConfig.yaml" 12 | Environment="SHARED_FS=true" 13 | 14 | Environment="ENABLE_TRACING=0" 15 | 16 | StandardOutput=append:/home/USERNAME/.interlink/logs/interlink.log 17 | StandardError=append:/home/USERNAME/.interlink/logs/interlink.log 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | -------------------------------------------------------------------------------- /systemd/user/oauth2-proxy.cfg: -------------------------------------------------------------------------------- 1 | client_id = "YOUR OIDC CLIENT ID" 2 | client_secret = "YOUR OIDC CLIENT SECRET" 3 | http_address = "0.0.0.0:30443" 4 | oidc_issuer_url = "https://iam.cloud.infn.it/" 5 | pass_authorization_header = "true" 6 | provider = "oidc" 7 | redirect_url = "http://localhost:8081/" 8 | oidc_extra_audiences = [ "users" ] 9 | upstreams = [ "unix:///leonardo/home/usera07cna/a07cna01/.interlink/interlink.sock", "http://localhost:30080/"] 10 | allowed_groups = [ "YOUR USER SUB"] 11 | validate_url = "https://iam.cloud.infn.it/token" 12 | oidc_groups_claim = "sub" 13 | email_domains = [ 14 | "*" 15 | ] 16 | cookie_secret= "2IS..nfCSKy4=" 17 | skip_auth_routes = [ 18 | "='*'" 19 | ] 20 | force_https = "true" 21 | https_address = "0.0.0.0:30443" 22 | tls_cert_file = "/home/USERNAME/.interlink/config/tls.crt" 23 | tls_key_file = "/home/USERNAME/.interlink/config/tls.key" 24 | 25 | tls_cipher_suites = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384"] 26 | skip_jwt_bearer_tokens = "true" 27 | 28 | -------------------------------------------------------------------------------- /systemd/user/oauth2-proxy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This Unit is needed to automatically start the oauth2-proxy at system startup 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | Restart=always 8 | RestartSec=3 9 | 10 | WorkDirectory=/home/USERNAME/.interlink/config/ 11 | 12 | ExecStart=/home/USERNAME/.interlink/bin/oauth2-proxy --config=/home/USERNAME/.config/systemd/user/oauth2-proxy.cfg 13 | 14 | StandardOutput=append:/home/USERNAME/interlink/logs/oauth2-proxy.log 15 | StandardError=append:/home/USERNAME/.interlink/logs/oauth2-proxy.log 16 | 17 | [Install] 18 | WantedBy=multi-user.target 19 | 20 | 21 | -------------------------------------------------------------------------------- /systemd/user/slurm-plugin.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This Unit is needed to automatically start the SLURM plugin at system startup 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | Restart=always 8 | RestartSec=3 9 | 10 | ExecStart=/home/USERNAME/.interlink/bin/plugin 11 | Environment="SLURMCONFIGPATH=/home/USERNAME/.interlink/config/plugin-config.yaml" 12 | Environment="SHARED_FS=true" 13 | 14 | Environment="ENABLE_TRACING=0" 15 | StandardOutput=append:/home/USERNAME/.interlink/logs/plugin.log 16 | StandardError=append:/home/USERNAME/.interlink/logs/plugin.log 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 | # yarn lockfile v1 3 | 4 | 5 | --------------------------------------------------------------------------------