https://github.com/selkies-project/selkies

K8s operator for per-user stateful workloads
https://github.com/selkies-project/selkies

gke kubernetes selkies

Last synced: 22 days ago
JSON representation

K8s operator for per-user stateful workloads

• Host: GitHub
• URL: https://github.com/selkies-project/selkies
• Owner: selkies-project
• License: apache-2.0
• Created: 2021-01-10T20:41:38.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-03-14T20:29:11.000Z (about 1 year ago)
• Last Synced: 2025-04-29T13:44:39.020Z (25 days ago)
• Topics: gke, kubernetes, selkies
• Language: Go
• Homepage: https://selkies.io
• Size: 599 KB
• Stars: 73
• Watchers: 3
• Forks: 13
• Open Issues: 16
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-webrtc - selkies-gstreamer - Open-Source Low-Latency Linux WebRTC HTML5 Remote Desktop / GStreamer WebRTC Components of Selkies. (Projects / Tool)

README

        
# Selkies - Stateful Workload Operator

[![Discord](https://img.shields.io/discord/798699922223398942?logo=discord)](https://discord.gg/wDNGDeSW5F)

Selkies is a platform built on GKE to orchestrate per-user stateful workloads.

## Quick start

### Assumptions

* You are a member of a Google Cloud [organization](https://cloud.google.com/resource-manager/docs/creating-managing-organization).

  * This is required for `setup/scripts/create_oauth_client.sh` to use `gcloud alpha iap oauth-brand` commands, because these implicity operate on organization-internal brands. For more information, see [this guide](https://cloud.google.com/iap/docs/programmatic-oauth-clients).

* You are granted the `Owner` role in a project in that organization. 

* You have `gcloud` [installed](https://cloud.google.com/sdk/docs/install) in your environment.

### Steps

The steps below will create the infrastructure for the app launcher. You should deploy to a new project.

1. Clone the source repository:

    ```bash

    git clone -b master https://github.com/selkies-project/selkies.git

    cd selkies

    ```

1. Configure gcloud (replace `XXX` & `us-west1` with your project ID & preferred region): 

    ```bash

    export PROJECT_ID=XXX

    export REGION=us-west1

    gcloud config set project ${PROJECT_ID?}

    gcloud config set compute/region ${REGION?}

    ```

1. Enable the required GCP project services:

    ```bash

    gcloud services enable \

        --project ${PROJECT_ID?} \

        cloudresourcemanager.googleapis.com \

        compute.googleapis.com \

        container.googleapis.com \

        cloudbuild.googleapis.com \

        servicemanagement.googleapis.com \

        serviceusage.googleapis.com \

        stackdriver.googleapis.com \

        secretmanager.googleapis.com \

        iap.googleapis.com

    ```

1. Grant the cloud build service account permissions on your project:

    ```bash

    PROJECT_NUMBER=$(

      gcloud projects describe ${PROJECT_ID?} \

        --format='value(projectNumber)'

    ) && \

      CLOUDBUILD_SA="${PROJECT_NUMBER?}@cloudbuild.gserviceaccount.com" && \

      gcloud projects add-iam-policy-binding ${PROJECT_ID?} \

        --member serviceAccount:${CLOUDBUILD_SA?} \

        --role roles/owner && \

      gcloud projects add-iam-policy-binding ${PROJECT_ID?} \

        --member serviceAccount:${CLOUDBUILD_SA?} \

        --role roles/iam.serviceAccountTokenCreator

    ```

1. Deploy with Cloud Build:

    ```bash

    ACCOUNT=$(gcloud config get-value account) && \

      gcloud builds submit \

        --project=${PROJECT_ID?} \

        --substitutions=_USER=${ACCOUNT?},_REGION=${REGION?}

    ```

1. Deploy sample app:

    ```bash

    (cd examples/jupyter-notebook/ && \

      gcloud builds submit \

        --project=${PROJECT_ID?} \

        --substitutions=_REGION=${REGION?})

    ```

1. Connect to the App Launcher web interface at the URL output below:

    ```bash

    echo "https://broker.endpoints.${PROJECT_ID?}.cloud.goog/"

    ```

### Troubleshooting

* If the initial cloud build fails with the message

`Step #2 - "create-oauth-client": ERROR: (gcloud.alpha.iap.oauth-brands.list) INVALID_ARGUMENT: Request contains an invalid argument.`,

it is most likely due to running as a user

that is not a member of the Cloud Identity Organization.

See [the assumption described above](#Assumptions).

* If the initial cloud build fails with the message

`Step #2 - "create-oauth-client": ERROR: (gcloud.alpha.iap.oauth-clients.create) FAILED_PRECONDITION: Precondition check failed.`,

it is most likely due to reusing a project

that already had its OAuth consent screen set to "External",

which cannot be changed via `gcloud`.

Click the "MAKE INTERNAL" button

[here](https://console.cloud.google.com/apis/credentials/consent)

in your project.

* If a `wget` step fails, retry the same command.

Some third-party artifact URLs are flaky (due to globally-rate-limited hosts).

* If your region only has 500 GB of Persistent Disk SSD quota, run the following,

but keep in mind the number of apps and image pull performance will be affected.

    ```bash

    cat - > selkies-min-ssd.auto.tfvars <