pingu_98/cara
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openshift: update yamls and checks

Browse source 
* update OpenShift yamls
* fix OpenShift yamls checks
This commit is contained in:
Nicola Tarocco 2024-10-13 22:17:19 +02:00
parent 3a5cf42b3a
commit 4b30f6aaed
No known key found for this signature in database
GPG key ID: A08DEF00BA54E806
8 changed files with 93 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
.gitlab-ci.yml
View file

@ -65,7 +65,6 @@ test-cern-caimira-py39:
.test_openshift_config: .test_openshift_config:
stage: test stage: test
allow_failure: true
image: registry.cern.ch/docker.io/mambaorg/micromamba image: registry.cern.ch/docker.io/mambaorg/micromamba
before_script: before_script:
- micromamba create --yes -p $HOME/env python=3.9 ruamel.yaml wget -c conda-forge - micromamba create --yes -p $HOME/env python=3.9 ruamel.yaml wget -c conda-forge
@ -85,27 +84,24 @@ test-cern-caimira-py39:
paths: paths:
- ./app-config/openshift/${CAIMIRA_INSTANCE}/actual - ./app-config/openshift/${CAIMIRA_INSTANCE}/actual
- ./app-config/openshift/${CAIMIRA_INSTANCE}/expected - ./app-config/openshift/${CAIMIRA_INSTANCE}/expected
only:
- master
- live/caimira-test
check_openshift_config_test: check_openshift_config_test:
extends: .test_openshift_config extends: .test_openshift_config
variables: variables:
CAIMIRA_INSTANCE: 'caimira-test' CAIMIRA_INSTANCE: 'caimira-test'
BRANCH: 'live/caimira-test'
OC_SERVER: https://api.paas.okd.cern.ch OC_SERVER: https://api.paas.okd.cern.ch
OC_TOKEN: "${OPENSHIFT_CAIMIRA_TEST_CONFIG_CHECKER_TOKEN}" OC_TOKEN: "${OPENSHIFT_CAIMIRA_TEST_CONFIG_CHECKER_TOKEN}"
only:
- live/caimira-test
# TODO: for prod, it should ignore the different tag in the `image` field check_openshift_config_prod:
# check_openshift_config_prod: extends: .test_openshift_config
# extends: .test_openshift_config variables:
# variables: CAIMIRA_INSTANCE: 'caimira-prod'
# CAIMIRA_INSTANCE: 'caimira-prod' OC_SERVER: https://api.paas.okd.cern.ch
# BRANCH: 'master' OC_TOKEN: "${OPENSHIFT_CAIMIRA_PROD_CONFIG_CHECKER_TOKEN}"
# OC_SERVER: https://api.paas.okd.cern.ch only:
# OC_TOKEN: "${OPENSHIFT_CAIMIRA_PROD_CONFIG_CHECKER_TOKEN}" - master
# ################################################################################################### # ###################################################################################################
# Build docker images # Build docker images

8
README.md
View file

@ -357,9 +357,7 @@ $ cd app-config/openshift
$ oc process -f configmap.yaml | oc create -f - $ oc process -f configmap.yaml | oc create -f -
$ oc process -f services.yaml | oc create -f - $ oc process -f services.yaml | oc create -f -
$ oc process -f imagestreams.yaml | oc create -f - $ oc process -f deployments.yaml | oc create -f -
$ oc process -f buildconfig.yaml --param GIT_BRANCH='live/caimira-test' | oc create -f -
$ oc process -f deploymentconfig.yaml --param PROJECT_NAME='caimira-test' | oc create -f -
``` ```
Manually create the **route** to access the website, see `routes.example.yaml`. Manually create the **route** to access the website, see `routes.example.yaml`.
@ -453,9 +451,7 @@ $ cd app-config/openshift
$ oc process -f configmap.yaml | oc replace -f - $ oc process -f configmap.yaml | oc replace -f -
$ oc process -f services.yaml | oc replace -f - $ oc process -f services.yaml | oc replace -f -
$ oc process -f imagestreams.yaml | oc replace -f - $ oc process -f deployments.yaml | oc replace -f -
$ oc process -f buildconfig.yaml --param GIT_BRANCH='live/caimira-test' | oc replace -f -
$ oc process -f deploymentconfig.yaml --param PROJECT_NAME='caimira-test' | oc replace -f -
``` ```
Be aware that if you create/recreate the environment you must manually create a **route** in OpenShift, Be aware that if you create/recreate the environment you must manually create a **route** in OpenShift,

4
app-config/openshift/config-fetch.py
View file

@ -38,9 +38,7 @@ def fetch_config(output_directory: pathlib.Path):
for component, name in [ for component, name in [
('configmap', 'auth-service'), ('configmap', 'auth-service'),
('services', None), ('services', None),
('imagestreams', None), ('deployments', None)]:
('buildconfig', None),
('deploymentconfig', None)]:
with (output_directory / f'{component}.yaml').open('wt') as fh: with (output_directory / f'{component}.yaml').open('wt') as fh:
cmd = ['oc', 'get', '-o', 'yaml', component] cmd = ['oc', 'get', '-o', 'yaml', component]

16
app-config/openshift/config-generate.py
View file

@ -17,7 +17,7 @@ def configure_parser(parser: argparse.ArgumentParser) -> None:
) )
def generate_config(output_directory: pathlib.Path, project_name: str, hostname: str, branch: str): def generate_config(output_directory: pathlib.Path):
output_directory.mkdir(exist_ok=True, parents=True) output_directory.mkdir(exist_ok=True, parents=True)
def oc_process(component_name: str, context: typing.Optional[dict] = None): def oc_process(component_name: str, context: typing.Optional[dict] = None):
@ -30,24 +30,18 @@ def generate_config(output_directory: pathlib.Path, project_name: str, hostname:
oc_process('configmap') oc_process('configmap')
oc_process('services') oc_process('services')
oc_process('imagestreams') oc_process('deployments')
oc_process('buildconfig', context={'GIT_BRANCH': branch})
oc_process('deploymentconfig', context={'PROJECT_NAME': project_name})
print(f'Config in: {output_directory.absolute()}') print(f'Config in: {output_directory.absolute()}')
def handler(args: argparse.ArgumentParser) -> None: def handler(args: argparse.ArgumentParser) -> None:
if args.instance == 'caimira-prod': if args.instance == 'caimira-prod':
project_name = 'caimira-prod' pass
branch = 'master'
hostname = 'caimira.web.cern.ch'
elif args.instance == 'caimira-test': elif args.instance == 'caimira-test':
project_name = 'caimira-test' pass
branch = 'live/caimira-test'
hostname = 'caimira-test.web.cern.ch'
generate_config(pathlib.Path(args.output_directory), project_name, hostname, branch) generate_config(pathlib.Path(args.output_directory))
def main(): def main():

26
app-config/openshift/config-normalise.py
View file

@ -34,26 +34,16 @@ def clean_ephemeral_config(config: dict):
item.get('spec', {}).pop('clusterIP', None) item.get('spec', {}).pop('clusterIP', None)
item.get('spec', {}).pop('clusterIPs', None) item.get('spec', {}).pop('clusterIPs', None)
item.get('spec', {}).pop('revisionHistoryLimit', None) item.get('spec', {}).pop('revisionHistoryLimit', None)
item.get('spec', {}).pop('progressDeadlineSeconds', None)
if item['kind'] == 'BuildConfig': if item['kind'] == 'Deployment':
for trigger in item.get('spec', {}).get('triggers', []): item['spec'].pop('strategy', None)
trigger.get('imageChange', {}).pop('lastTriggeredImageID', None)
item.get('spec', {}).pop('failedBuildsHistoryLimit', None)
item.get('spec', {}).pop('successfulBuildsHistoryLimit', None)
if item['kind'] == 'DeploymentConfig':
item['spec'].get('template', {}).get('metadata', {}).pop('creationTimestamp', None) item['spec'].get('template', {}).get('metadata', {}).pop('creationTimestamp', None)
item['spec'].get('template', {}).get('metadata', {}).pop('annotations', None)
for container in item['spec'].get('template', {}).get('spec', {}).get('containers', []): for container in item['spec'].get('template', {}).get('spec', {}).get('containers', []):
# Drop the specific image name (and hash). # Drop the specific image name (and hash).
container.pop('image', None) container.pop('image', None)
item['spec'].get('template', {}).get('metadata', {}).pop('creationTimestamp', None)
for trigger in item['spec'].get('triggers', []):
trigger.get('imageChangeParams', {}).pop('lastTriggeredImage', None)
# Drop the tags on ImageStream
if item['kind'] == 'ImageStream':
item['spec'].pop('tags', None)
# Drop the unnecessary elements on Service # Drop the unnecessary elements on Service
if item['kind'] == 'Service': if item['kind'] == 'Service':
@ -77,14 +67,14 @@ def clean_ephemeral_config(config: dict):
# Fix the configmap single element data structure # Fix the configmap single element data structure
if config['kind'] == 'ConfigMap': if config['kind'] == 'ConfigMap':
config['items'] = [{ config['items'] = [{
'apiVersion': config.get('apiVersion', {}), 'apiVersion': config.get('apiVersion', {}),
'data': config.get('data', {}), 'data': config.get('data', {}),
'kind': config.get('kind', {}), 'kind': config.get('kind', {}),
'metadata': {'name': 'auth-service'} 'metadata': {'name': 'auth-service'}
}] }]
config['kind'] = 'List' config['kind'] = 'List'
config.pop('data', None) config.pop('data', None)
return config return config

146
app-config/openshift/deployments.yaml
View file

@ -10,8 +10,8 @@
template: "caimira-application" template: "caimira-application"
objects: objects:
- -
apiVersion: apps.openshift.io/v1 apiVersion: apps/v1
kind: DeploymentConfig kind: Deployment
metadata: metadata:
name: auth-service name: auth-service
labels: labels:
@ -22,11 +22,10 @@
metadata: metadata:
labels: labels:
app: auth-service app: auth-service
deploymentconfig: auth-service
spec: spec:
containers: containers:
- name: auth-service - name: auth-service
image: '${PROJECT_NAME}/auth-service' image: 'gitlab-registry.cern.ch/caimira/caimira/auth-service:latest'
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
@ -36,7 +35,13 @@
- secretRef: - secretRef:
name: auth-service-secrets name: auth-service-secrets
imagePullPolicy: Always imagePullPolicy: Always
resources: {} resources:
limits:
cpu: 100m
memory: 250Mi
requests:
cpu: 50m
memory: 40Mi
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
@ -53,24 +58,13 @@
maxUnavailable: 25% maxUnavailable: 25%
timeoutSeconds: 600 timeoutSeconds: 600
updatePeriodSeconds: 1 updatePeriodSeconds: 1
type: Rolling type: RollingUpdate
test: false
selector: selector:
deploymentconfig: auth-service matchLabels:
triggers: app: auth-service
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- auth-service
from:
kind: ImageStreamTag
name: 'auth-service:latest'
namespace: ${PROJECT_NAME}
- -
apiVersion: apps.openshift.io/v1 apiVersion: apps/v1
kind: DeploymentConfig kind: Deployment
metadata: metadata:
name: caimira-router name: caimira-router
spec: spec:
@ -80,16 +74,42 @@
labels: labels:
app: caimira-router app: caimira-router
spec: spec:
volumes:
- name: nginx-config
configMap:
name: router
defaultMode: 420
- name: var-run
emptyDir: {}
- name: var-cache-nginx
emptyDir: {}
- name: var-log-nginx
emptyDir: {}
containers: containers:
- name: caimira-router - name: caimira-router
image: '${PROJECT_NAME}/caimira-router' image: 'registry.cern.ch/docker.io/library/nginx:1.23'
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
- containerPort: 8443 - containerPort: 8443
protocol: TCP protocol: TCP
imagePullPolicy: Always imagePullPolicy: Always
resources: {} resources:
limits:
cpu: 100m
memory: 250Mi
requests:
cpu: 50m
memory: 16Mi
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/conf.d
- name: var-run
mountPath: /var/run
- name: var-cache-nginx
mountPath: /var/cache/nginx
- name: var-log-nginx
mountPath: /var/log/nginx
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
@ -106,24 +126,13 @@
maxUnavailable: 25% maxUnavailable: 25%
timeoutSeconds: 600 timeoutSeconds: 600
updatePeriodSeconds: 1 updatePeriodSeconds: 1
type: Rolling type: RollingUpdate
test: false
selector: selector:
app: caimira-router matchLabels:
triggers: app: caimira-router
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- caimira-router
from:
kind: ImageStreamTag
name: 'caimira-router:latest'
namespace: ${PROJECT_NAME}
- type: ConfigChange
- -
apiVersion: apps.openshift.io/v1 apiVersion: apps/v1
kind: DeploymentConfig kind: Deployment
metadata: metadata:
name: calculator-app name: calculator-app
labels: labels:
@ -153,7 +162,7 @@
- name: CAIMIRA_CALCULATOR_PREFIX - name: CAIMIRA_CALCULATOR_PREFIX
value: /calculator-cern value: /calculator-cern
- name: CAIMIRA_THEME - name: CAIMIRA_THEME
value: caimira/apps/templates/cern value: cern_caimira/apps/templates/cern
- name: ARVE_CLIENT_ID - name: ARVE_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -173,7 +182,7 @@
value: '0' value: '0'
- name: CAIMIRA_PROFILER_ENABLED - name: CAIMIRA_PROFILER_ENABLED
value: '1' value: '1'
image: '${PROJECT_NAME}/calculator-app' image: 'gitlab-registry.cern.ch/caimira/caimira/calculator-app:latest'
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
@ -193,8 +202,8 @@
cpu: '3' cpu: '3'
memory: 3Gi memory: 3Gi
requests: requests:
cpu: '1' cpu: 50m
memory: 1Gi memory: 250Mi
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
@ -211,24 +220,13 @@
maxUnavailable: 25% maxUnavailable: 25%
timeoutSeconds: 600 timeoutSeconds: 600
updatePeriodSeconds: 1 updatePeriodSeconds: 1
type: Rolling type: RollingUpdate
test: false
selector: selector:
app: calculator-app matchLabels:
triggers: app: calculator-app
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- calculator-app
from:
kind: ImageStreamTag
name: 'calculator-app:latest'
namespace: ${PROJECT_NAME}
- type: ConfigChange
- -
apiVersion: apps.openshift.io/v1 apiVersion: apps/v1
kind: DeploymentConfig kind: Deployment
metadata: metadata:
name: calculator-open-app name: calculator-open-app
labels: labels:
@ -254,7 +252,7 @@
value: '0' value: '0'
- name: CAIMIRA_PROFILER_ENABLED - name: CAIMIRA_PROFILER_ENABLED
value: '1' value: '1'
image: '${PROJECT_NAME}/calculator-app' image: 'gitlab-registry.cern.ch/caimira/caimira/calculator-app:latest'
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
@ -264,8 +262,8 @@
cpu: '3' cpu: '3'
memory: 3Gi memory: 3Gi
requests: requests:
cpu: '1' cpu: 50m
memory: 1Gi memory: 250Mi
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
@ -282,25 +280,7 @@
maxUnavailable: 25% maxUnavailable: 25%
timeoutSeconds: 600 timeoutSeconds: 600
updatePeriodSeconds: 1 updatePeriodSeconds: 1
type: Rolling type: RollingUpdate
test: false
selector: selector:
app: calculator-open-app matchLabels:
triggers: app: calculator-open-app
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- calculator-open-app
from:
kind: ImageStreamTag
name: 'calculator-app:latest'
namespace: ${PROJECT_NAME}
- type: ConfigChange
parameters:
- name: PROJECT_NAME
description: The name of this project, e.g. caimira-test
required: true

44
app-config/openshift/imagestreams.yaml
View file

@ -1,44 +0,0 @@
---
kind: "Template"
apiVersion: template.openshift.io/v1
metadata:
name: "caimira-imagestreams"
creationTimestamp: null
annotations:
description: "CAiMIRA imagestreams OpenShift template."
tags: "caimira-imagestreams"
labels:
template: "caimira-application"
objects:
-
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: auth-service
spec:
lookupPolicy:
local: False
-
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: caimira-router
spec:
lookupPolicy:
local: False
-
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: calculator-app
spec:
lookupPolicy:
local: False
-
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: calculator
spec:
lookupPolicy:
local: False

8
app-config/openshift/services.yaml
View file

@ -24,7 +24,7 @@
protocol: TCP protocol: TCP
targetPort: 8080 targetPort: 8080
selector: selector:
deploymentconfig: auth-service app: auth-service
sessionAffinity: 'None' sessionAffinity: 'None'
type: 'ClusterIP' type: 'ClusterIP'
- -
@ -41,7 +41,7 @@
protocol: TCP protocol: TCP
targetPort: 8080 targetPort: 8080
selector: selector:
deploymentconfig: caimira-router app: caimira-router
sessionAffinity: 'None' sessionAffinity: 'None'
type: 'ClusterIP' type: 'ClusterIP'
- -
@ -58,7 +58,7 @@
protocol: TCP protocol: TCP
targetPort: 8080 targetPort: 8080
selector: selector:
deploymentconfig: calculator-app app: calculator-app
sessionAffinity: 'None' sessionAffinity: 'None'
type: 'ClusterIP' type: 'ClusterIP'
- -
@ -75,6 +75,6 @@
protocol: TCP protocol: TCP
targetPort: 8080 targetPort: 8080
selector: selector:
deploymentconfig: calculator-open-app app: calculator-open-app
sessionAffinity: 'None' sessionAffinity: 'None'
type: 'ClusterIP' type: 'ClusterIP'