particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

templates/openshift: split worker from composer maintenance

Browse source
This commit is contained in:
Sanne Raymaekers 2024-04-24 13:36:10 +02:00
parent 3827f710de
commit 5a776c5b79
3 changed files with 162 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/tests.yml vendored
View file

@ -282,10 +282,14 @@ jobs:
- name: Process template - name: Process template
run: | run: |
mkdir processed-templates mkdir processed-templates
oc process -f templates/composer.yml \ oc process -f templates/openshift/composer.yml \
-p IMAGE_TAG=image_tag \ -p IMAGE_TAG=image_tag \
--local \ --local \
-o yaml > processed-templates/composer.yml -o yaml > processed-templates/composer.yml
oc process -f templates/openshift/maintenance-crc-workers.yml \
-p IMAGE_TAG=image_tag \
--local \
-o yaml > processed-templates/maintenance-crc-workers.yml
- uses: stackrox/kube-linter-action@v1.0.5 - uses: stackrox/kube-linter-action@v1.0.5
with: with:

7
cmd/osbuild-service-maintenance/main.go
View file

@ -16,7 +16,12 @@ func main() {
cutoff := time.Now().Add(-(time.Hour * 24 * 14)) cutoff := time.Now().Add(-(time.Hour * 24 * 14))
logrus.Infof("Cutoff date: %v", cutoff) logrus.Infof("Cutoff date: %v", cutoff)
var conf Config conf := Config{
MaxConcurrentRequests: 20,
EnableDBMaintenance: false,
EnableGCPMaintenance: false,
EnableAWSMaintenance: false,
}
err := LoadConfigFromEnv(&conf) err := LoadConfigFromEnv(&conf)
if err != nil { if err != nil {
logrus.Fatal(err) logrus.Fatal(err)

151
templates/openshift/maintenance-crc-workers.yml Normal file
View file

@ -0,0 +1,151 @@
apiVersion: v1
kind: Template
metadata:
name: composer
annotations:
openshift.io/display-name: Image Builder CRC worker services
description: |
Services related to maintaining the CRC workers.
tags: golang
iconClass: icon-shadowman
template.openshift.io/provider-display-name: Red Hat, Inc.
labels:
template: composer-worker-maintenance
objects:
- apiVersion: batch/v1
kind: CronJob
metadata:
labels:
service: image-builder
name: crc-worker-maintenance
spec:
# run maintenance job at midnight
schedule: 0 0 * * *
concurrencyPolicy: Forbid
# don't run if the job doesn't get scheduled within 30 minutes
startingDeadlineSeconds: 1800
jobTemplate:
spec:
template:
spec:
serviceAccountName: image-builder
restartPolicy: Never
containers:
- image: "${IMAGE_NAME}:${IMAGE_TAG}"
name: crc-worker-maintenance
resources:
requests:
cpu: "${CPU_REQUEST}"
memory: "${MEMORY_REQUEST}"
limits:
cpu: "${CPU_LIMIT}"
memory: "${MEMORY_LIMIT}"
env:
- name: GCP_AUTH_PROVIDER_X509_CERT_URL
valueFrom:
secretKeyRef:
name: gcp-service-account
key: auth_provider_x509_cert_url
- name: GCP_AUTH_URI
valueFrom:
secretKeyRef:
name: gcp-service-account
key: auth_uri
- name: GCP_CLIENT_EMAIL
valueFrom:
secretKeyRef:
name: gcp-service-account
key: client_email
- name: GCP_CLIENT_ID
valueFrom:
secretKeyRef:
name: gcp-service-account
key: client_id
- name: GCP_CLIENT_X509_CERT_URL
valueFrom:
secretKeyRef:
name: gcp-service-account
key: client_x509_cert_url
- name: GCP_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: gcp-service-account
key: private_key
- name: GCP_PRIVATE_KEY_ID
valueFrom:
secretKeyRef:
name: gcp-service-account
key: private_key_id
- name: GCP_PROJECT_ID
valueFrom:
secretKeyRef:
name: gcp-service-account
key: project_id
- name: GCP_TOKEN_URI
valueFrom:
secretKeyRef:
name: gcp-service-account
key: token_uri
- name: GCP_TYPE
valueFrom:
secretKeyRef:
name: gcp-service-account
key: type
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-account
key: access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-account
key: secret_access_key
- name: DRY_RUN
value: "${MAINTENANCE_DRY_RUN}"
- name: ENABLE_AWS_MAINTENANCE
value: "${ENABLE_AWS_MAINTENANCE}"
- name: ENABLE_GCP_MAINTENANCE
value: "${ENABLE_GCP_MAINTENANCE}"
- name: MAX_CONCURRENT_REQUESTS
value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}"
parameters:
- description: maintenance image name
name: IMAGE_NAME
value: quay.io/app-sre/composer-maintenance
required: true
- description: composer image tag
name: IMAGE_TAG
required: true
- name: CPU_REQUEST
description: CPU request per container
value: "50m"
- name: CPU_LIMIT
description: CPU limit per container
value: "100m"
- name: MEMORY_REQUEST
description: Memory request per container
value: "128Mi"
- name: MEMORY_LIMIT
description: Memory limit per container
value: "512Mi"
- description: composer-maintenance dry run
name: MAINTENANCE_DRY_RUN
# don't change this value, overwrite it in app-interface for a specific namespace
value: "true"
required: true
- description: Enable AWS maintenance
name: ENABLE_AWS_MAINTENANCE
# don't change this value, overwrite it in app-interface for a specific namespace
value: "false"
required: true
- description: Enable GPC maintenance
name: ENABLE_GCP_MAINTENANCE
# don't change this value, overwrite it in app-interface for a specific namespace
value: "false"
required: true
- description: composer-maintenance max concurrent requests
name: MAINTENANCE_MAX_CONCURRENT_REQUESTS
value: "10"
required: true