particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

templates/openshift: make the maintenance template generic

Browse source 
We could deploy this job for both composer and each tenant's workers
that's present in app-intf. Then we can remove the maintenance bits from
the composer template.
This commit is contained in:
Sanne Raymaekers 2024-04-29 11:04:03 +02:00
parent 5a776c5b79
commit a87e3069a1
2 changed files with 59 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/tests.yml vendored
View file

@ -286,10 +286,10 @@ jobs:
-p IMAGE_TAG=image_tag \ -p IMAGE_TAG=image_tag \
--local \ --local \
-o yaml > processed-templates/composer.yml -o yaml > processed-templates/composer.yml
oc process -f templates/openshift/maintenance-crc-workers.yml \ oc process -f templates/openshift/maintenance.yml \
-p IMAGE_TAG=image_tag \ -p IMAGE_TAG=image_tag \
--local \ --local \
-o yaml > processed-templates/maintenance-crc-workers.yml -o yaml > processed-templates/maintenance.yml
- uses: stackrox/kube-linter-action@v1.0.5 - uses: stackrox/kube-linter-action@v1.0.5
with: with:

63
templates/openshift/maintenance-crc-workers.yml → templates/openshift/maintenance.yml
View file

@ -1,23 +1,23 @@
apiVersion: v1 apiVersion: v1
kind: Template kind: Template
metadata: metadata:
name: composer name: image-builder-maintenance
annotations: annotations:
openshift.io/display-name: Image Builder CRC worker services openshift.io/display-name: Image Builder maintenance
description: | description: |
Services related to maintaining the CRC workers. Cronjob related to maintaining both composer and the workers.
tags: golang tags: golang
iconClass: icon-shadowman iconClass: icon-shadowman
template.openshift.io/provider-display-name: Red Hat, Inc. template.openshift.io/provider-display-name: Red Hat, Inc.
labels: labels:
template: composer-worker-maintenance template: image-builder-maintenance
objects: objects:
- apiVersion: batch/v1 - apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
labels: labels:
service: image-builder service: image-builder
name: crc-worker-maintenance name: image-builder-maintenance
spec: spec:
# run maintenance job at midnight # run maintenance job at midnight
schedule: 0 0 * * * schedule: 0 0 * * *
@ -32,7 +32,7 @@ objects:
restartPolicy: Never restartPolicy: Never
containers: containers:
- image: "${IMAGE_NAME}:${IMAGE_TAG}" - image: "${IMAGE_NAME}:${IMAGE_TAG}"
name: crc-worker-maintenance name: image-builder-maintenance
resources: resources:
requests: requests:
cpu: "${CPU_REQUEST}" cpu: "${CPU_REQUEST}"
@ -41,72 +41,118 @@ objects:
cpu: "${CPU_LIMIT}" cpu: "${CPU_LIMIT}"
memory: "${MEMORY_LIMIT}" memory: "${MEMORY_LIMIT}"
env: env:
- name: PGHOST
valueFrom:
secretKeyRef:
name: composer-db
key: db.host
optional: true
- name: PGPORT
valueFrom:
secretKeyRef:
name: composer-db
key: db.port
optional: true
- name: PGDATABASE
valueFrom:
secretKeyRef:
name: composer-db
key: db.name
optional: true
- name: PGUSER
valueFrom:
secretKeyRef:
name: composer-db
key: db.user
optional: true
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: composer-db
key: db.password
optional: true
- name: PGSSLMODE
value: "${PGSSLMODE}"
- name: GCP_AUTH_PROVIDER_X509_CERT_URL - name: GCP_AUTH_PROVIDER_X509_CERT_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: auth_provider_x509_cert_url key: auth_provider_x509_cert_url
optional: true
- name: GCP_AUTH_URI - name: GCP_AUTH_URI
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: auth_uri key: auth_uri
optional: true
- name: GCP_CLIENT_EMAIL - name: GCP_CLIENT_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: client_email key: client_email
optional: true
- name: GCP_CLIENT_ID - name: GCP_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: client_id key: client_id
optional: true
- name: GCP_CLIENT_X509_CERT_URL - name: GCP_CLIENT_X509_CERT_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: client_x509_cert_url key: client_x509_cert_url
optional: true
- name: GCP_PRIVATE_KEY - name: GCP_PRIVATE_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: private_key key: private_key
optional: true
- name: GCP_PRIVATE_KEY_ID - name: GCP_PRIVATE_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: private_key_id key: private_key_id
optional: true
- name: GCP_PROJECT_ID - name: GCP_PROJECT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: project_id key: project_id
optional: true
- name: GCP_TOKEN_URI - name: GCP_TOKEN_URI
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: token_uri key: token_uri
optional: true
- name: GCP_TYPE - name: GCP_TYPE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gcp-service-account name: gcp-service-account
key: type key: type
optional: true
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: aws-account name: aws-account
key: access_key_id key: access_key_id
optional: true
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: aws-account name: aws-account
key: secret_access_key key: secret_access_key
optional: true
- name: DRY_RUN - name: DRY_RUN
value: "${MAINTENANCE_DRY_RUN}" value: "${MAINTENANCE_DRY_RUN}"
- name: ENABLE_AWS_MAINTENANCE - name: ENABLE_AWS_MAINTENANCE
value: "${ENABLE_AWS_MAINTENANCE}" value: "${ENABLE_AWS_MAINTENANCE}"
- name: ENABLE_GCP_MAINTENANCE - name: ENABLE_GCP_MAINTENANCE
value: "${ENABLE_GCP_MAINTENANCE}" value: "${ENABLE_GCP_MAINTENANCE}"
- name: ENABLE_DB_MAINTENANCE
value: "${ENABLE_DB_MAINTENANCE}"
- name: MAX_CONCURRENT_REQUESTS - name: MAX_CONCURRENT_REQUESTS
value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}" value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}"
@ -145,6 +191,11 @@ parameters:
# don't change this value, overwrite it in app-interface for a specific namespace # don't change this value, overwrite it in app-interface for a specific namespace
value: "false" value: "false"
required: true required: true
- description: Enable DB maintenance
name: ENABLE_DB_MAINTENANCE
# don't change this value, overwrite it in app-interface for a specific namespace
value: "false"
required: true
- description: composer-maintenance max concurrent requests - description: composer-maintenance max concurrent requests
name: MAINTENANCE_MAX_CONCURRENT_REQUESTS name: MAINTENANCE_MAX_CONCURRENT_REQUESTS
value: "10" value: "10"