Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement promote feature with k8s #2350

Merged
merged 4 commits into from
Dec 2, 2020
Merged

implement promote feature with k8s #2350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
81f1af5
implement promote feature with k8s
Schnitzel Nov 30, 2020
9f4e2d5
Merge branch 'master' into k8s-promote
Schnitzel Dec 1, 2020
0e7df0b
Merge branch 'master' into k8s-promote
Schnitzel Dec 2, 2020
f2ef31d
skip promote testing on k8s controller, as it's not implemented yet
Schnitzel Dec 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -376,7 +376,7 @@ $(all-controller-k8s-tests): k3d controller-k8s-test-services-up
$(MAKE) push-local-registry -j6
$(eval testname = $(subst controller-k8s-tests/,,$@))
IMAGE_REPO=$(CI_BUILD_TAG) docker-compose -p $(CI_BUILD_TAG) --compatibility run --rm \
tests-controller-kubernetes ansible-playbook --skip-tags="skip-on-kubernetes" \
tests-controller-kubernetes ansible-playbook --skip-tags="skip-on-kubernetes,skip-on-kubernetes-controller" \
/ansible/tests/$(testname).yaml \
--extra-vars \
"$$(cat $$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)') | \
Expand Down
11 changes: 6 additions & 5 deletions images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1000,12 +1000,13 @@ elif [ "$BUILD_TYPE" == "pullrequest" ] || [ "$BUILD_TYPE" == "branch" ]; then
IMAGE_HASHES[${IMAGE_NAME}]=$(docker inspect ${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} --format '{{json .RepoDigests}}' | "${JQ_QUERY[@]}")
done

# elif [ "$BUILD_TYPE" == "promote" ]; then
elif [ "$BUILD_TYPE" == "promote" ]; then

# for IMAGE_NAME in "${IMAGES[@]}"
# do
# . /kubectl-build-deploy/scripts/exec-kubernetes-tag.sh
# done
for IMAGE_NAME in "${IMAGES[@]}"
do
. /kubectl-build-deploy/scripts/exec-kubernetes-promote.sh
IMAGE_HASHES[${IMAGE_NAME}]=$(skopeo inspect docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} --tls-verify=false | jq ".Name + \"@\" + .Digest" -r)
done

fi

Expand Down
2 changes: 2 additions & 0 deletions images/kubectl-build-deploy-dind/scripts/exec-kubernetes-promote.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#!/bin/bash
skopeo copy --src-tls-verify=false --dest-tls-verify=false docker://${REGISTRY}/${PROJECT}/${PROMOTION_SOURCE_ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest} docker://${REGISTRY}/${PROJECT}/${ENVIRONMENT}/${IMAGE_NAME}:${IMAGE_TAG:-latest}
2 changes: 0 additions & 2 deletions images/kubectl-build-deploy-dind/scripts/exec-kubernetes-tag.sh
View file
Open in desktop

This file was deleted.

1 change: 1 addition & 0 deletions local-dev/api-data/03-populate-api-data-kubernetes.gql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -573,6 +573,7 @@ mutation PopulateApi {
activeSystemsTask: "lagoon_kubernetesJob"
activeSystemsMisc: "lagoon_kubernetesMisc"
activeSystemsDeploy: "lagoon_kubernetesBuildDeploy"
activeSystemsPromote: "lagoon_kubernetesBuildDeploy"
activeSystemsRemove: "lagoon_kubernetesRemove"
}
) {
Expand Down
3 changes: 2 additions & 1 deletion node-packages/commons/src/tasks.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -775,7 +775,8 @@ export const createPromoteTask = async function(promoteData: any) {
switch (project.activeSystemsPromote) {
case 'lagoon_openshiftBuildDeploy':
return sendToLagoonTasks('builddeploy-openshift', promoteData);

case 'lagoon_kubernetesBuildDeploy':
return sendToLagoonTasks('builddeploy-kubernetes', promoteData);
default:
throw new UnknownActiveSystem(
`Unknown active system '${project.activeSystemsPromote}' for task 'deploy' in for project ${projectName}`
Expand Down
48 changes: 0 additions & 48 deletions services/kubernetesbuilddeploy/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,6 @@ const messageConsumer = async msg => {
var prPullrequestNumber = branch.replace('pr-','')
var graphqlEnvironmentType = environmentType.toUpperCase()
var graphqlGitType = buildType.toUpperCase()
var openshiftPromoteSourceProject = promoteSourceEnvironment ? `${projectName}-${ocsafety(promoteSourceEnvironment)}` : ""
// A secret which is the same across all Environments of this Lagoon Project
var projectSecret = crypto.createHash('sha256').update(`${projectName}-${jwtSecret}`).digest('hex');
var alertContactHA = ""
Expand Down Expand Up @@ -292,7 +291,6 @@ const messageConsumer = async msg => {
}
if (buildType == "promote") {
jobconfig.spec.template.spec.containers[0].env.push({"name": "PROMOTION_SOURCE_ENVIRONMENT","value": promoteSourceEnvironment})
jobconfig.spec.template.spec.containers[0].env.push({"name": "PROMOTION_SOURCE_NAMESPACE","value": openshiftPromoteSourceProject})
}
if (!R.isEmpty(projectOpenShift.envVariables)) {
jobconfig.spec.template.spec.containers[0].env.push({"name": "LAGOON_PROJECT_VARIABLES", "value": JSON.stringify(projectOpenShift.envVariables)})
Expand Down Expand Up @@ -340,20 +338,6 @@ const messageConsumer = async msg => {
// kubernetes-client does not know about the OpenShift Resources, let's teach it.
kubernetes.ns.addResource('rolebindings');

// // If we should promote, first check if the source project does exist
// if (buildType == "promote") {
// try {
// const promotionSourceProjectsGet = promisify(openshift.projects(openshiftPromoteSourceProject).get)
// await promotionSourceProjectsGet()
// logger.info(`${openshiftProject}: Promotion Source Project ${openshiftPromoteSourceProject} exists, continuing`)
// } catch (err) {
// const error = `${openshiftProject}: Promotion Source Project ${openshiftPromoteSourceProject} does not exists, ${err}`
// logger.error(error)
// throw new Error(error)
// }
// }


// Create a new Namespace if it does not exist
let namespaceStatus = {}
try {
Expand Down Expand Up @@ -416,38 +400,6 @@ const messageConsumer = async msg => {
}
}

// // Give the ServiceAccount access to the Promotion Source Project, it needs two roles: 'view' and 'system:image-puller'
// if (buildType == "promote") {
// try {
// const promotionSourcRolebindingsGet = promisify(openshift.ns(openshiftPromoteSourceProject).rolebindings(`${openshiftProject}-lagoon-deployer-view`).get)
// await promotionSourcRolebindingsGet()
// logger.info(`${openshiftProject}: RoleBinding ${openshiftProject}-lagoon-deployer-view in ${openshiftPromoteSourceProject} does already exist, continuing`)
// } catch (err) {
// if (err.code == 404) {
// logger.info(`${openshiftProject}: RoleBinding ${openshiftProject}-lagoon-deployer-view in ${openshiftPromoteSourceProject} does not exists, creating`)
// const promotionSourceRolebindingsPost = promisify(openshift.ns(openshiftPromoteSourceProject).rolebindings.post)
// await promotionSourceRolebindingsPost({ body: {"kind":"RoleBinding","apiVersion":"v1","metadata":{"name":`${openshiftProject}-lagoon-deployer-view`,"namespace":openshiftPromoteSourceProject},"roleRef":{"name":"view"},"subjects":[{"name":"lagoon-deployer","kind":"ServiceAccount","namespace":openshiftProject}]}})
// } else {
// logger.error(err)
// throw new Error
// }
// }
// try {
// const promotionSourceRolebindingsGet = promisify(openshift.ns(openshiftPromoteSourceProject).rolebindings(`${openshiftProject}-lagoon-deployer-image-puller`).get)
// await promotionSourceRolebindingsGet()
// logger.info(`${openshiftProject}: RoleBinding ${openshiftProject}-lagoon-deployer-image-puller in ${openshiftPromoteSourceProject} does already exist, continuing`)
// } catch (err) {
// if (err.code == 404) {
// logger.info(`${openshiftProject}: RoleBinding ${openshiftProject}-lagoon-deployer-image-puller in ${openshiftPromoteSourceProject} does not exists, creating`)
// const promotionSourceRolebindingsPost = promisify(openshift.ns(openshiftPromoteSourceProject).rolebindings.post)
// await promotionSourceRolebindingsPost({ body: {"kind":"RoleBinding","apiVersion":"v1","metadata":{"name":`${openshiftProject}-lagoon-deployer-image-puller`,"namespace":openshiftPromoteSourceProject},"roleRef":{"name":"system:image-puller"},"subjects":[{"name":"lagoon-deployer","kind":"ServiceAccount","namespace":openshiftProject}]}})
// } else {
// logger.error(err)
// throw new Error
// }
// }
// }

// Create SSH Key Secret if not exist yet, if it does update it.
let sshKey: any = {}
const sshKeyBase64 = new Buffer(deployPrivateKey.replace(/\\n/g, "\n")).toString('base64')
Expand Down
1 change: 1 addition & 0 deletions tests/checks/check-branch-sha.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
expected_content: "LAGOON_GIT_BRANCH={{ expected_branch }}"
tasks:
- include: check-url-content.yaml
when: expected_branch != ""

- name: "{{ testname }} - check if {{ project }} is deployed with searching for the hash inside an environment variable set during buildtime"
hosts: localhost
Expand Down
19 changes: 10 additions & 9 deletions tests/tests/features-kubernetes.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,16 @@
project: ci-features-{{ lookup('env','CLUSTER_TYPE') }}
branch: remoteshell

# - include: features/promote.yaml
# vars:
# testname: "PROMOTE {{ lookup('env','CLUSTER_TYPE')|upper }}"
# git_repo_name: features.git
# project: ci-features-{{ lookup('env','CLUSTER_TYPE') }}
# source_environment: source
# promote_environment: target
# check_url_source: "https://node.{{ project | regex_replace('_', '-') }}.{{ source_environment | regex_replace('/', '-') }}.{{ lookup('env','ROUTE_SUFFIX_HTTPS') }}:{{ lookup('env','ROUTE_SUFFIX_HTTPS_PORT') }}"
# check_url_promote: "https://node.{{ project | regex_replace('_', '-') }}.{{ promote_environment | regex_replace('/', '-') }}.{{ lookup('env','ROUTE_SUFFIX_HTTPS') }}:{{ lookup('env','ROUTE_SUFFIX_HTTPS_PORT') }}"
- include: features/promote.yaml
tags: skip-on-kubernetes-controller
vars:
testname: "PROMOTE {{ lookup('env','CLUSTER_TYPE')|upper }}"
git_repo_name: features.git
project: ci-features-{{ lookup('env','CLUSTER_TYPE') }}
source_environment: source
promote_environment: target
check_url_source: "https://node.{{ project | regex_replace('_', '-') }}.{{ source_environment | regex_replace('/', '-') }}.{{ lookup('env','ROUTE_SUFFIX_HTTPS') }}:{{ lookup('env','ROUTE_SUFFIX_HTTPS_PORT') }}"
check_url_promote: "https://node.{{ project | regex_replace('_', '-') }}.{{ promote_environment | regex_replace('/', '-') }}.{{ lookup('env','ROUTE_SUFFIX_HTTPS') }}:{{ lookup('env','ROUTE_SUFFIX_HTTPS_PORT') }}"

- include: features/cronjobs.yaml
vars:
Expand Down
2 changes: 1 addition & 1 deletion tests/tests/features/promote.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
- include: ../../checks/check-branch-sha.yaml
vars:
expected_head: "{{ current_head }}"
expected_branch: "{{ promote_environment }}"
expected_branch: ""
expected_branch_buildtime: "{{ source_environment }}"
project: "{{ project }}"
url: "{{ check_url_promote }}"
Expand Down