Add Kubernetes job runner (#347) #349
jaredjennings wants to merge 4 commits into TheHive-Project:develop
Since Kubernetes is dropping Docker, can this allow us to use the Kubernetes cluster's container runtime? (Mainly interested in containerd.)
@DrissiReda, yes. The Kubernetes Job abstraction is at a higher level than Kubernetes' Container Runtime Interface (CRI), which is where Docker plugs into Kubernetes if you use Docker. And the k3s cluster I used for development and testing of this pull request already doesn't use Docker.
6738e9b to 9cc6cbe
I've separated better the changes that add support to the entrypoint for trusting CA certs. There are separate trusts for Elasticsearch and for outgoing web services. I have not made a separate pull request for those, but I can. They are possibly of more general interest than the Kubernetes job runner.
9cc6cbe to 15ed398
OK. I went ahead and split the Elasticsearch authentication and CA cert stuff out into #362. I gave the commits here a hard look, and decided that the story of progression toward functionality they told wasn't something that needed to be preserved. So I collapsed the commits into one, for easier review. The "cruft picked up along the way," which I mentioned at the top of the thread, is gone.
@jaredjennings any updates on this? I assume that at this point this feature is still not implemented?
@tl-Bruno-Braga, here it sits. Works for me, though I haven't taken it to production yet. I've asked a couple of times on the Discord about it.
This commits my current progress in re-creating the docker-compose pipeline for PeekabooAV in Kubernetes. That includes deployments, services, and hard-coded config files for each step in the pipeline, modeled after what was done in the [pipeline](/sett17/peekabooav-installer/tree/pipeline). The yamls for cortex, and the set-up job, are included, although cortex does currently not work inside of Kubernetes, due to the missing docker runner. There is an open [PR](/TheHive-Project/Cortex/pull/349) and corresponding issue. Except for above mentioned cortex, the pipeline is fully functional. Meaning one can send an email to the postfix_tx deployment, which is then sent to the postfix_rx deployment and then processed by rspamd and Peekaboo. This was tested and developed with microk8s and a single node.
15ed398 to 009c997
I know it's been a while - but I just wanted to say thank you @jaredjennings for creating this PR. I'm disheartened that this hasn't been merged yet, given Kubernetes' popularity. For now, I'm having to maintain a fork just to run Cortex on a managed Kubernetes cluster.
25a727f to afb3e63
afb3e63 to 16e795a
These changes implement a job runner that makes Kubernetes API calls to run Dockerized neurons as Kubernetes Jobs.
There's also a bit of cruft picked up along the way, like enabling Dockerized Cortex to connect to Elasticsearch using HTTPS. Please look out for rookie mistakes: this is my first Scala code.