feat: macos support for dev cluster scripts (#2897)

2025-06-30 20:42:10 +09:00 · 2025-06-30 20:42:10 +09:00 · a93cbe6785
parent 84d2ad08ad
commit a93cbe6785
4 changed files with 119 additions and 37 deletions
--- a/hack/allocate.sh
+++ b/hack/allocate.sh
@ -20,9 +20,9 @@ set -o errexit
 set -o nounset
 set -o pipefail

-source "$(dirname "$(realpath "$0")")/common.sh"
+source "$(cd "$(dirname "$0")" && pwd)/common.sh"
 # this is where versions of common components are (like knative)
-source "$(dirname "$(realpath "$0")")/component-versions.sh"
+source "$(cd "$(dirname "$0")" && pwd)/component-versions.sh"

 main() {
  echo "${blue}Allocating${reset}"
@ -442,7 +442,10 @@ next_steps() {
  echo -e "${grey}REGISTRY"
  echo -e "Before using the cluster for integration and E2E tests, please run \"${reset}registry.sh${grey}\" (Linux systems) which will configure podman or docker to communicate with the standalone container registry without TLS."
  echo -e ""
-  echo -e "For other operating systems, or to do this manually, edit the docker daemon config (/etc/docker/daemon.json on linux and ~/.docker/daemon.json on OSX), add:"
+  echo -e "For other operating systems, or to do this manually, edit the docker daemon config:"
+  echo -e "  - Linux: /etc/docker/daemon.json"
+  echo -e "  - macOS: ~/.docker/daemon.json (or via Docker Desktop settings)"
+  echo -e "Add the following configuration:"
  echo -e "${reset}{ \"insecure-registries\": [ \"localhost:50000\" ] }"
  echo -e ""
  echo -e "${grey}For podman, edit /etc/container/registries.conf to include:"
--- a/hack/common.sh
+++ b/hack/common.sh
@ -29,11 +29,25 @@ find_executables() {
 }

 populate_environment() {
-  export ARCH="${ARCH:-amd64}"
+  # User's KUBECOFNIG and that used by these scripts should be isolated:
+  export KUBECONFIG="$(cd "$(dirname "$0")" && pwd)/bin/kubeconfig.yaml"
+  # Detect architecture, default to amd64 if unable to detect
+  if [[ -z "${ARCH:-}" ]]; then
+    local machine_arch=$(uname -m)
+    case $machine_arch in
+      x86_64) export ARCH="amd64" ;;
+      aarch64|arm64) export ARCH="arm64" ;;
+      *) export ARCH="amd64" ;;
+    esac
+  else
+    export ARCH="$ARCH"
+  fi
  export CONTAINER_ENGINE=${CONTAINER_ENGINE:-docker}
-  export KUBECONFIG="${KUBECONFIG:-$(dirname "$(realpath "$0")")/bin/kubeconfig.yaml}"
  export TERM="${TERM:-dumb}"
+
  echo "KUBECONFIG=${KUBECONFIG}"
+  echo "CONTAINER_ENGINE=${CONTAINER_ENGINE}"
+  echo "TERM=${TERM}"
 }

 define_colors() {
@ -75,7 +89,7 @@ find_executable() {

  # Use the binary installed into hack/bin/ by allocate.sh if
  # it exists.
-  path=$(dirname "$(realpath "$0")")"/bin/$name"
+  path=$(cd "$(dirname "$0")" && pwd)"/bin/$name"
  if [[ -x "$path" ]]; then
    echo "$path" & return 0
  fi
--- a/hack/install-binaries.sh
+++ b/hack/install-binaries.sh
@ -19,21 +19,23 @@
 source "$(dirname "$(realpath "$0")")/common.sh"

 install_binaries() {
-  assert_linux
+  assert_supported_os
+  set_os_arch_vars
  warn_architecture

  local root="$(dirname "$(realpath "$0")")"
  local bin="${root}/bin"

-  local kubectl_version=1.32.0
-  local kind_version=0.26.0
-  local dapr_version=1.11.0
-  local helm_version=3.12.0
-  local stern_version=1.25.0
-  local kn_version=1.13.0
+  local kubectl_version=1.33.1
+  local kind_version=0.29.0
+  local dapr_version=1.14.1
+  local helm_version=3.18.0
+  local stern_version=1.32.0
+  local kn_version=1.18.0
  local jq_version=1.7.1

  echo "${blue}Installing binaries${reset}"
+  echo "  OS:           ${OS}"
  echo "  Architecture: ${ARCH}"
  echo "  Destination:  ${bin}"

@ -51,71 +53,97 @@ install_binaries() {

 }

-assert_linux() {
+assert_supported_os() {
  os_name=$(uname -s)
-  if [ "$os_name" != "Linux" ]; then
+  if [ "$os_name" != "Linux" ] && [ "$os_name" != "Darwin" ]; then
    echo "${yellow}----------------------------------------------------------------------${reset}"
-    echo "${yellow}This script currently only supports Linux${reset}"
+    echo "${yellow}This script only supports Linux and Darwin (macOS)${reset}"
    echo "Please install the dependencies manually"
    echo "${yellow}----------------------------------------------------------------------${reset}"
    exit 1
  fi
 }

+set_os_arch_vars() {
+  OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+  ARCH_RAW=$(uname -m)
+  
+  # Map architecture names
+  case "${ARCH_RAW}" in
+    x86_64)
+      ARCH="amd64"
+      ;;
+    aarch64|arm64)
+      ARCH="arm64"
+      ;;
+    *)
+      ARCH="${ARCH_RAW}"
+      ;;
+  esac
+  
+  # Override with environment variable if set
+  ARCH="${ARCH:-$ARCH}"
+}
+
 warn_architecture() {
  arch=$(uname -m)
-  if [ "$arch" != "x86_64" ]; then
-    echo -e "${yellow}Detected untested architecture ${arch}.${reset}\n This script is only tested with amd64, but you can use the ARCH env variable to specify an architecture to be interpolated in download links."
+  if [ "$arch" != "x86_64" ] && [ "$arch" != "arm64" ] && [ "$arch" != "aarch64" ]; then
+    echo -e "${yellow}Detected untested architecture ${arch}.${reset}\n This script is tested with amd64 and arm64, but you can use the ARCH env variable to specify an architecture to be interpolated in download links."
  fi
 }

 install_kubectl() {
    echo '=== kubectl'
-    curl -sSLo "${bin}"/kubectl "https://dl.k8s.io/v${kubectl_version}/bin/linux/${ARCH}/kubectl"
+    curl -sSLo "${bin}"/kubectl "https://dl.k8s.io/v${kubectl_version}/bin/${OS}/${ARCH}/kubectl"
    chmod +x "${bin}"/kubectl
    "${bin}"/kubectl version --client=true
 }

 install_kind() {
    echo '=== kind'
-    curl -sSLo "${bin}"/kind "https://github.com/kubernetes-sigs/kind/releases/download/v$kind_version/kind-linux-${ARCH}"
+    curl -sSLo "${bin}"/kind "https://github.com/kubernetes-sigs/kind/releases/download/v$kind_version/kind-${OS}-${ARCH}"
    chmod +x "${bin}"/kind
    "${bin}"/kind version
 }

 install_dapr() {
    echo '=== dapr'
-    curl -sSL "https://github.com/dapr/cli/releases/download/v$dapr_version/dapr_linux_${ARCH}.tar.gz" | \
+    curl -sSL "https://github.com/dapr/cli/releases/download/v$dapr_version/dapr_${OS}_${ARCH}.tar.gz" | \
      tar fxz - -C "${bin}" dapr
    "${bin}"/dapr version
 }

 install_helm() {
  echo '=== helm'
-    curl -sSL "https://get.helm.sh/helm-v$helm_version-linux-${ARCH}.tar.gz" | \
-      tar fxz - -C "${bin}" linux-"${ARCH}"/helm
-    mv "${bin}/linux-${ARCH}"/helm "${bin}" && rmdir "${bin}/linux-${ARCH}"
+    curl -sSL "https://get.helm.sh/helm-v$helm_version-${OS}-${ARCH}.tar.gz" | \
+      tar fxz - -C "${bin}" ${OS}-"${ARCH}"/helm
+    mv "${bin}/${OS}-${ARCH}"/helm "${bin}" && rmdir "${bin}/${OS}-${ARCH}"
    "${bin}"/helm version
 }

 install_stern() {
  echo '=== stern'
-  curl -sSL "https://github.com/stern/stern/releases/download/v${stern_version}/stern_${stern_version}_linux_${ARCH}.tar.gz" | \
+  curl -sSL "https://github.com/stern/stern/releases/download/v${stern_version}/stern_${stern_version}_${OS}_${ARCH}.tar.gz" | \
    tar fxz - -C "${bin}" stern
  "${bin}"/stern -v
 }

 install_kn() {
  echo '=== kn'
-  curl -sSLo "${bin}"/kn "https://github.com/knative/client/releases/download/knative-v${kn_version}/kn-linux-${ARCH}"
+  curl -sSLo "${bin}"/kn "https://github.com/knative/client/releases/download/knative-v${kn_version}/kn-${OS}-${ARCH}"
  chmod +x "${bin}"/kn
  "${bin}"/kn version
 }

 install_jq() {
  echo '=== jq'
-                       # "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64"
-  curl -sSLo "${bin}"/jq "https://github.com/jqlang/jq/releases/download/jq-${jq_version}/jq-linux-${ARCH}"
+  # jq uses different naming conventions for macOS
+  if [ "$OS" = "darwin" ]; then
+    JQ_OS="macos"
+  else
+    JQ_OS="linux"
+  fi
+  curl -sSLo "${bin}"/jq "https://github.com/jqlang/jq/releases/download/jq-${jq_version}/jq-${JQ_OS}-${ARCH}"
  chmod +x "${bin}"/jq
  "${bin}"/jq --version
 }
--- a/hack/registry.sh
+++ b/hack/registry.sh
@ -13,7 +13,7 @@
 # limitations under the License.

 #
-# - Registers registry with Docker as trusted (linux only)
+# - Registers registry with Docker as trusted (Linux and macOS)
 #

 set -o errexit
@ -42,11 +42,16 @@ warn_nix() {
    if [[ -x $(command -v "nix") || -x $(command -v "nixos-rebuild") ]]; then
        if [ "$CONTAINER_ENGINE" == "docker" ]; then
          echo "${yellow}Warning: Nix detected${reset}"
-          echo "If Docker was configured using nix, this command will fail to find daemon.json. please configure the insecure registry by modifying your nix config:"
-          echo "  virtualisation.docker = {"
-          echo "    enable = true;"
-          echo "    daemon.settings.insecure-registries = [ \"localhost:50000\" ];"
-          echo "  };"
+          if [[ "$(uname)" == "Darwin" ]]; then
+            echo "If Docker Desktop was installed via Nix on macOS, you may need to manually configure the insecure registry."
+            echo "Please confirm \"localhost:50000\" is specified as an insecure registry in the docker config file."
+          else
+            echo "If Docker was configured using nix, this command will fail to find daemon.json. please configure the insecure registry by modifying your nix config:"
+            echo "  virtualisation.docker = {"
+            echo "    enable = true;"
+            echo "    daemon.settings.insecure-registries = [ \"localhost:50000\" ];"
+            echo "  };"
+          fi
        elif [ "$CONTAINER_ENGINE" == "podman" ]; then
          echo "${yellow}Warning: Nix detected${reset}"
          echo "If podman was configured via Nix, this command will likely fail.  At time of this writing, podman configured via the nix option 'virtualisation.podman' does not have an option for configuring insecure registries."
@ -57,9 +62,35 @@ warn_nix() {
 }

 set_registry_insecure() {
-    patch=".\"insecure-registries\" = [\"localhost:50000\""]
-    sudo jq "$patch" /etc/docker/daemon.json > /tmp/daemon.json.tmp && sudo mv /tmp/daemon.json.tmp /etc/docker/daemon.json
-    sudo service docker restart
+    # Determine the daemon.json location based on OS
+    if [[ "$(uname)" == "Darwin" ]]; then
+        # macOS: Docker Desktop stores daemon.json in ~/.docker/
+        DAEMON_JSON="$HOME/.docker/daemon.json"
+        USE_SUDO=""
+    else
+        # Linux: daemon.json is in /etc/docker/
+        DAEMON_JSON="/etc/docker/daemon.json"
+        USE_SUDO="sudo"
+    fi
+
+    # Create daemon.json if it doesn't exist
+    if [ ! -f "$DAEMON_JSON" ]; then
+        echo "{}" | $USE_SUDO tee "$DAEMON_JSON" > /dev/null
+    fi
+
+    # Update daemon.json with insecure registry
+    patch=".\"insecure-registries\" = [\"localhost:50000\"]"
+    $USE_SUDO jq "$patch" "$DAEMON_JSON" > /tmp/daemon.json.tmp && $USE_SUDO mv /tmp/daemon.json.tmp "$DAEMON_JSON"
+    echo "OK $DAEMON_JSON"
+
+    # Restart Docker based on OS
+    if [[ "$(uname)" == "Darwin" ]]; then
+        # macOS: Restart Docker Desktop
+        echo "${yellow}*** If Docker Desktop is running, please restart it via the menu bar icon ***${reset}"
+    else
+        # Linux: Use service command
+        sudo service docker restart
+    fi
 }

 set_registry_insecure_podman() {
@ -70,6 +101,12 @@ set_registry_insecure_podman() {
        # Append the new section to the file
        echo -e "\n[[registry-insecure-local]]\nlocation = \"localhost:50000\"\ninsecure = true" | sudo tee -a "$FILE" > /dev/null
    fi
+
+    # On macOS, set up SSH port forwarding so Podman VM can access host's localhost:50000
+    if [[ "$(uname)" == "Darwin" ]]; then
+        echo "Setting up port forwarding for Podman VM to access registry..."
+        podman machine ssh -- -L 50000:localhost:50000 -N -f
+    fi
 }

 if [ "$0" = "${BASH_SOURCE[0]}" ]; then