- Overview
- Why
- Features
- Packages
- How to deploy all components
- How to deploy a specific component
- How does this work ?
Installs Prow and all components needed to support in on a GKE Kubernetes Cluster.
In order to get Prow up and running on a vanilla GKE Kubernetes cluster one has to install various components. This installer installs everything needed to get a self sustaining Prow installation in a vanilla GKE cluster.
- PodDisruptionBudgets for all GKE system components such that the AutoScaler works nicely.
- Drain GKE Preemptible Nodes before GKE takes them away to minimize disruption
- This means that all Preemptible nodes get recycled every 12-16 hours.
- Handle Node Termination signals from GKE
- When GKE sends a SIGTERM to a node, the controller makes sure the node starts draining gracefully to minimize disruption
- Fetches CredStash Secrets and injects them in the prow and build namespaces
- Create/Renew TLS Certificates via cert-manager
- authN's the prow dashboard and other ingress' using GitHub OAuth
- Create/Update DNS Records using external-dns
- Provide Ingress using the nginx-ingress-controller
- Manages Prow and all of its components
The installer will deploy the following packages:
| Package | Notes | Docs |
|---|---|---|
| bootstrap | contains cluster role bindings for the admin group, storage classes and pod disruption budgets for the smooth operation of the GKE AutoScaler | link |
| gke preemptible killer | kills the GKE preemptible nodes before Google reclaims them. This means that instances get recycled every 12 hours or thereabouts | link |
| gke node termination handler | watches for a signal from GKE that the node is being killed and gracefully terminates pods on the nodes in question | link |
| credstashoperator | allows us to have CredstashSecrets and use them for builds | link |
| cert-manager | creates and manages TLS certificates for all ingress and external services | link |
| oauthproxy | provides authN to ingress using GitHub OAuth app | link |
| externaldns | manages DNS records from ingress | link |
| nginxingress | manages an nginx cluster for all ingress' in the cluster | link |
| prow | creates all prow components in the cluster | link |
| buildsecrets | creates CredstashSecrets for builds | link |
make deploywill install all packages in the natural sorting order
make $PACKAGE-deploywherePACKAGEis the package you wish to deploy eg00-bootstrap
A package is effectively a folder called number-packagename where number is used for the natural sorting and package name is the package name.
- values.yaml: contains package related tags, eg:
nginxingress: namespace: nginx-ingress helm: # The name of the Release name: peach # The chart's name - can also be a URL chart: stable/nginx-ingress # If using a registry, specify the version. If the chart is a URL, set the version to null version: 1.24.4 00-manifests:- Contains yaml manifests that get templated using the package's values.yaml and the main one
01-helm:- Contains helm chart's values.yaml. Supports templating
02-manifests:- Contains yaml manifests that get templated using the package's values.yaml and the main one
-
values.yaml: contains package related tags which are used in the steps below
-
00-manifests: Runs always first. If it does not exist, its skipped- Contents get templated using the package's values.yaml and the main one
kubectl applygets executed
-
01-helm: Runs always after00-manifests. If it does not exist, its skipped- Contents of
01-helm/values.yamlget templated using the package's values.yaml and the main one - Chart gets installed/upgraded using the package's values.yaml
helm.[name|version|chart]tags- If
helm.versionis not set thenhelm.chartis treated as a being a URL
- If
- Contents of
-
02-manifests: Runs always after01-helm. If it does not exist, its skipped- Contents get templated using the package's values.yaml and the main one
kubectl applygets executed