configuration for new GCP project (#31)

* configuration for new GCP project * fixed typo * fixed image names * set temporary urls during migration phase * updated config after benchmarks
google · Oct 28, 2019 · 40e8c91 · 40e8c91
1 parent c90819c
commit 40e8c91
Show file tree

Hide file tree

Showing 11 changed files with 80 additions and 92 deletions.
diff --git a/README.md b/README.md
@@ -63,11 +63,9 @@ These are the steps to set up the build server on a clean infrastructure:
     ```
 1. Push the docker images to gcr.io:
     ```bash
-    cd containers/debian-testing-clang8
-    ./build_deploy.sh
-
-    cd ../jenkins-master
-    ./build_deploy.sh
+    cd containers
+    #for each subfolder:
+    ./build_deploy.sh <foldername>
     ```
 1. Deploy the stack:
     ```bash
@@ -76,17 +74,6 @@ These are the steps to set up the build server on a clean infrastructure:
     ```
 1. Configure it
 
-## handling SSH keys
-The Jenkins server SSHs into the agents to start the agent application. Thus the master needs SSH access to the agent. To set this up:
-
-1. Create an SSH key pair locally with `ssh-keygen`.
-1. Copy the contents of `id_rsa` to the credentials section of the Jenkins UI.
-1. Configure the agent in the Jenkins UI to use the new SSH keys you just uploaded.
-1. Copy the contents of `id_rsa.pub` to `containers/<agent dir>/authorized keys`.
-1. Rebuild and deploy the agents.
-
-While this works, it does not fell like the perfect solution. I'm happy to get better ideas on this.
-
 ## creating basic authentication for reverse proxy
 
 1. create auth file, based on [ingress-nginx documentation](https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/basic)

diff --git a/k8s_config b/k8s_config
@@ -1,5 +1,5 @@
 # config options
 GCP_ZONE="us-central1-a"
-GCP_CLUSTER="llvm-merge-guards"
-GCP_PROJECT="llvm-windows-development"
+GCP_CLUSTER="llvm-premerge-checks"
+GCP_PROJECT="llvm-premerge-checks"
 GCR_HOSTNAME="gcr.io"
diff --git a/kubernetes/cluster_create.sh b/kubernetes/cluster_create.sh
@@ -23,20 +23,14 @@ source "${ROOT_DIR}/k8s_config"
 
 # create the cluster
 gcloud container clusters create $GCP_CLUSTER --zone $GCP_ZONE \
-    --machine-type=n1-standard-32 --num-nodes=1
+    --machine-type=n1-standard-4 --num-nodes=1
 
-# add a node pool for interfaces and other services
-# this is separate from the heavily loaded agents
-gcloud container node-pools create services --cluster $GCP_CLUSTER --zone $GCP_ZONE \
-    --machine-type=n1-standard-4 --num-nodes 1
-
-# test with a machine with ssd
+# Jenkins agents with local ssd
 # as per instructions
 # https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd
 gcloud container node-pools create jenkins-agents --cluster $GCP_CLUSTER --zone $GCP_ZONE \
     --machine-type=n1-standard-32 --num-nodes=2 --local-ssd-count=1
 
-
 # create static IP address
 # IP can be created, but not used in Ingress. Not sure why
-gcloud compute addresses create web-static-ip --region=$GCP_ZONE
+gcloud compute addresses create web-static-ip --zone=$GCP_ZONE
diff --git a/kubernetes/jenkins-staging/Deployment.yaml b/kubernetes/jenkins-staging/Deployment.yaml
@@ -58,5 +58,5 @@ spec:
           pdName: jenkins-home-staging
           fsType: ext4
       nodeSelector:
-        cloud.google.com/gke-nodepool: services
+        cloud.google.com/gke-nodepool: default-pool
 ---
diff --git a/kubernetes/jenkins.yaml b/kubernetes/jenkins.yaml
@@ -70,7 +70,7 @@ spec:
       hostname: jenkins-master
       containers:
       - name: master
-        image: gcr.io/llvm-windows-development/jenkins-master
+        image: gcr.io/llvm-premerge-checks/jenkins-master
         ports:
         - containerPort: 8080
         - containerPort: 50000
@@ -101,7 +101,7 @@ spec:
           pdName: jenkins-home
           fsType: ext4
       nodeSelector:
-        cloud.google.com/gke-nodepool: services
+        cloud.google.com/gke-nodepool: default-pool
 ---
 kind: Service
 apiVersion: v1
@@ -162,7 +162,7 @@ spec:
     spec:
       containers:
       - name: agent-debian-testing-clang8
-        image: gcr.io/llvm-windows-development/agent-debian-testing-clang8-ssd    
+        image: gcr.io/llvm-premerge-checks/agent-debian-testing-clang8-ssd    
         ports:
         - containerPort: 22
         resources:

diff --git a/kubernetes/nfs.yaml b/kubernetes/nfs.yaml
@@ -63,7 +63,7 @@ spec:
             pdName: results
             fsType: ext4
       nodeSelector:
-        cloud.google.com/gke-nodepool: services
+        cloud.google.com/gke-nodepool: default-pool
 ---
 apiVersion: v1
 kind: Service

diff --git a/kubernetes/results-nginx/Deployment.yaml b/kubernetes/results-nginx/Deployment.yaml
@@ -29,7 +29,7 @@ spec:
     spec:
       containers:
       - name: nginx-results
-        image: gcr.io/llvm-windows-development/nginx-results
+        image: gcr.io/llvm-premerge-checks/nginx-results
         ports:
         - containerPort: 80
         readinessProbe:
@@ -55,4 +55,4 @@ spec:
         persistentVolumeClaim:
           claimName: nfs-jenkins
       nodeSelector:
-        cloud.google.com/gke-nodepool: services
+        cloud.google.com/gke-nodepool: default-pool
diff --git a/kubernetes/reverse-proxy/Certificates.yaml b/kubernetes/reverse-proxy/Certificates.yaml
@@ -44,7 +44,7 @@ metadata:
   name: results-prod-tls-cert
   namespace: cert-manager
 spec:
-  commonName: results.llvm-merge-guard.org
+  commonName: results.new.llvm-merge-guard.org
   secretName: results-prod-tls
   issuerRef:
     name: letsencrypt-prod
@@ -56,7 +56,7 @@ metadata:
   name: jenkins-prod-tls-cert
   namespace: cert-manager
 spec:
-  commonName: jenkins.llvm-merge-guard.org
+  commonName: jenkins.new.llvm-merge-guard.org
   secretName: jenkins-prod-tls
   issuerRef:
     name: letsencrypt-prod

diff --git a/kubernetes/reverse-proxy/Ingress.yaml b/kubernetes/reverse-proxy/Ingress.yaml
@@ -31,10 +31,10 @@ spec:
   tls:
   - secretName: jenkins-prod-tls
     hosts:
-    - jenkins.llvm-merge-guard.org
+    - jenkins.new.llvm-merge-guard.org
 
   rules:
-  - host: jenkins.llvm-merge-guard.org
+  - host: jenkins.new.llvm-merge-guard.org
     http:
       paths:
       - backend:
@@ -56,65 +56,65 @@ spec:
   tls:
   - secretName: results-prod-tls
     hosts:
-    - results.llvm-merge-guard.org
+    - results.new.llvm-merge-guard.org
   rules:
-  - host: results.llvm-merge-guard.org
+  - host: results.new.llvm-merge-guard.org
     http:
       paths:
       - backend:
           serviceName: nginx-results
           servicePort: 80
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: nginx-ingress-staging-jenkins
-  namespace: jenkins
-  annotations:
-    # static IP assignment not working. Not sure why.
-    kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
-    kubernetes.io/ingress.class: "nginx"    
-    cert-manager.io/issuer: "letsencrypt-staging"
-    nginx.ingress.kubernetes.io/auth-type: basic
-    nginx.ingress.kubernetes.io/auth-secret: proxy-auth
-    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-        proxy_set_header Authorization $remote_user;
-spec:
-  tls:
-  - secretName: jenkins-staging-tls
-    hosts:
-    - jenkins.staging.llvm-merge-guard.org
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   name: nginx-ingress-staging-jenkins
+#   namespace: jenkins
+#   annotations:
+#     # static IP assignment not working. Not sure why.
+#     kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
+#     kubernetes.io/ingress.class: "nginx"    
+#     cert-manager.io/issuer: "letsencrypt-staging"
+#     nginx.ingress.kubernetes.io/auth-type: basic
+#     nginx.ingress.kubernetes.io/auth-secret: proxy-auth
+#     nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
+#     nginx.ingress.kubernetes.io/configuration-snippet: |
+#         proxy_set_header Authorization $remote_user;
+# spec:
+#   tls:
+#   - secretName: jenkins-staging-tls
+#     hosts:
+#     - jenkins.staging.llvm-merge-guard.org
 
-  rules:
-  - host: jenkins.staging.llvm-merge-guard.org
-    http:
-      paths:
-      - backend:
-          serviceName: jenkins-ui-staging
-          servicePort: 8080
----
+#   rules:
+#   - host: jenkins.staging.llvm-merge-guard.org
+#     http:
+#       paths:
+#       - backend:
+#           serviceName: jenkins-ui-staging
+#           servicePort: 8080
+# ---
 
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: nginx-ingress-staging-results
-  namespace: jenkins
-  annotations:
-    # static IP assignment not working. Not sure why.
-    kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
-    kubernetes.io/ingress.class: "nginx"    
-    cert-manager.io/issuer: "letsencrypt-staging"
-spec:
-  tls:
-  - secretName: results-staging-tls
-    hosts:
-    - results.staging.llvm-merge-guard.org
-  rules:
-  - host: results.staging.llvm-merge-guard.org
-    http:
-      paths:
-      - backend:
-          serviceName: nginx-results
-          servicePort: 80
----
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   name: nginx-ingress-staging-results
+#   namespace: jenkins
+#   annotations:
+#     # static IP assignment not working. Not sure why.
+#     kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
+#     kubernetes.io/ingress.class: "nginx"    
+#     cert-manager.io/issuer: "letsencrypt-staging"
+# spec:
+#   tls:
+#   - secretName: results-staging-tls
+#     hosts:
+#     - results.staging.llvm-merge-guard.org
+#   rules:
+#   - host: results.staging.llvm-merge-guard.org
+#     http:
+#       paths:
+#       - backend:
+#           serviceName: nginx-results
+#           servicePort: 80
+# ---
diff --git a/kubernetes/reverse-proxy/Namespace.yaml b/kubernetes/reverse-proxy/Namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata: 
+  name: jenkins
+  labels: 
+    name: jenkins
diff --git a/kubernetes/reverse-proxy/kustomization.yaml b/kubernetes/reverse-proxy/kustomization.yaml
@@ -16,6 +16,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: jenkins
 resources:
+  - Namespace.yaml
   - Issuer.yaml
   - Certificates.yaml
   - Ingress.yaml