Named for the pea crab (Pinnothera Faba), the smallest crab in the world, pinnothera is a tiny utility for ensuring a Kubernetes application's SNS/SQS topic and queue subscriptions are configured as expected whenever the application is deployed to a cluster.
pinnothera
is intended to run inside a Kubernetes cluster, but will run locally
without fuss (provided your local environment has the expected environment variables set).
pinnothera
reads the intended SNS/SQS configuration for a given Kubernetes Namespace
from a ConfigMap
named sns-sqs-config
(located in the same namespace). To do so, the
ConfigMap
must exist (obviously), but the Namespace
's ServiceAccount
must also have
the appropriate permissions.
Ensure the required ClusterRole
and RoleBinding
exist in your local cluster:
kubectl apply -f k8s/cluster-role.yaml
kubectl apply -f k8s/role-binding.yaml -n NAMESPACE --overrides='{"subjects": [{"namespace": "NAMESPACE"}]}'
kubectl apply -f k8s/pinnothera-job.yaml -n NAMESPACE
NOTE: If your cluster isn't running in EKS, ensure that you've edited pinnothera-job.yaml so that the correct AWS region and credentials are set in the container's environment.
kubectl run -it configure-sns-sqs \
--rm \
--restart=Never \
--env='AWS_DEFAULT_REGION=YOUR AWS REGION' \
--env='AWS_ACCESS_KEY_ID=YOUR ACCESS KEY ID' \
--env='AWS_SECRET_ACCESS_KEY=YOUR SECRET ACCESS KEY' \
--image=docker.io/thewondersmith/pinnothera:latest
Either build your own binary using the instructions below, or download the appropriate one for your local system from the releases, then -
export AWS_ENDPOINT='YOUR AWS ENDPOINT' \
AWS_ACCESS_KEY_ID='YOUR ACCESS KEY' \
AWS_DEFAULT_REGION='YOUR AWS REGION' \
AWS_SECRET_ACCESS_KEY='YOUR SECRET ACCESS KEY';
pinnothera
git clone https://github.com/the-wondersmith/pinnothera
cd pinnothera
cargo build --release
target/release/pinnothera
git clone https://github.com/the-wondersmith/pinnothera
cd pinnothera
OCI_TARGETS=(x86_64-unknown-linux-musl aarch-unknown-linux-musl)
rustup target add "${OCI_TARGETS}"
for TARGET in ${OCI_TARGETS[]@}; do cargo build --release --target "${TARGET}"; done
NOTE: Building binaries for targets other than your local system will most likely require you to have one or more cross-compilation toolchains installed. Check the Dockerfile for relevant
apt
packages for Linux hosts. Check crosstool-ng for macOS hosts. Windows hosts should... really know better, I suppose.
After cargo finishes, move the compiled binaries from target/{ARCH}/release
into
the artifacts/
directory, then run:
docker buildx build --push --platform='linux/arm64,linux/amd64' --tag='docker.io/{USERNAME}/pinnothera:{TAG}' --target='precompiled-pinn-image' -f Dockerfile .
WARNING: Compiling binaries using docker's
buildx
plugin generally relies on QEMU and has a tendency to result in weirdly flaky binaries. I haven't personally had very good luck doing things this way, but your mileage may vary.
Just run:
docker buildx build --push --platform='linux/arm64,linux/amd64' --tag='docker.io/{USERNAME}/pinnothera:{TAG}' --target='pinn-image' -f Dockerfile .
I heavily advise you to check the resulting binaries on native amd64 and arm64 hosts.