-
Notifications
You must be signed in to change notification settings - Fork 17
[patch] add cluster mode support for gitops #481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
d5ff955
[patch] add cluster mode support
3998348
[patch] update the cli digest
4ef6dc0
update sha
b941b0b
update the cli image digest
f92a7cf
update cli sha
245fd97
remove the unncessary flag
1c9995e
update 01-02-preinstall-mas-rbac-job_ServiceAccount.yaml
32aecb8
use cluster_admin_role instead of application_admin_role
cd6c24e
update the cli image digest sha
ec3cae3
Merge branch 'main' of github.com:ibm-mas/gitops into ds-saas
6f01119
updated cli version
93cd610
Merge branch 'main' into ds-saas
dixitgsathwara File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
34 changes: 34 additions & 0 deletions
34
...ations/000-ibm-sync-resources/templates/01-02-preinstall-mas-rbac-job_ServiceAccount.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| {{- if .Values.cluster_admin_role }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: preinstall-mas-rbac-job | ||
| namespace: mas-{{ .Values.instance_id }}-syncres | ||
| annotations: | ||
| argocd.argoproj.io/sync-wave: "01" | ||
| {{- if .Values.custom_labels }} | ||
| labels: | ||
| {{ .Values.custom_labels | toYaml | indent 4 }} | ||
| {{- end }} | ||
|
|
||
| --- | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: preinstall-mas-rbac-job-cluster-rolebinding-{{ .Values.instance_id }} | ||
| annotations: | ||
| argocd.argoproj.io/sync-wave: "02" | ||
| {{- if .Values.custom_labels }} | ||
| labels: | ||
| {{ .Values.custom_labels | toYaml | indent 4 }} | ||
| {{- end }} | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: preinstall-mas-rbac-job | ||
| namespace: mas-{{ .Values.instance_id }}-syncres | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: cluster-admin | ||
| {{- end }} |
122 changes: 122 additions & 0 deletions
122
instance-applications/010-ibm-sync-jobs/templates/00-preinstall-mas-rbac_Job.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| {{- if .Values.cluster_admin_role }} | ||
| {{- $masChannel := .Values.mas_channel }} | ||
| {{- $versionParts := splitList "." $masChannel }} | ||
| {{- $majorVersion := index $versionParts 0 | int }} | ||
| {{- $minorVersion := index $versionParts 1 | int }} | ||
| {{- if or (gt $majorVersion 9) (and (eq $majorVersion 9) (ge $minorVersion 2)) }} | ||
|
|
||
| {{- /* | ||
| Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. | ||
| */}} | ||
| {{- $_job_name_prefix := "preinstall-mas-rbac" }} | ||
|
|
||
| {{- /* | ||
| Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. | ||
| Included in $_job_hash (see below). | ||
| */}} | ||
| {{- $_cli_image_digest := "sha256:14c852062a8c6149820d9aa7b8315d83f25bb29172b0f318e4fe10af613533f3" }} | ||
|
|
||
| {{- /* | ||
| A dict of values that influence the behaviour of the job in some way. | ||
| Any changes to values in this dict will trigger a rerun of the job. | ||
| Since jobs must be idemopotent, it's generally safe to pass in values here that are not | ||
| strictly necessary (i.e. including some values that don't actually influence job behaviour). | ||
| We may want to refine this further though for jobs that can take a long time to complete. | ||
| Included in $_job_hash (see below). | ||
| */}} | ||
| {{- $_job_config_values := omit .Values "junitreporter" }} | ||
|
|
||
| {{- /* | ||
| Increment this value whenever you make a change to an immutable field of the Job resource. | ||
| E.g. passing in a new environment variable. | ||
| Included in $_job_hash (see below). | ||
| */}} | ||
| {{- $_job_version := "v1" }} | ||
|
|
||
| {{- /* | ||
| 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest | ||
| This is to ensure ArgoCD will create a new job resource intead of attempting (and failing) to update an | ||
| immutable field of any existing Job resource. | ||
| */}} | ||
| {{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} | ||
|
|
||
| {{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} | ||
|
|
||
| {{- /* | ||
| Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. | ||
|
|
||
| When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label | ||
| to identify old Job resources that should be pruned on behalf of ArgoCD. | ||
|
|
||
| Any Job resources in the same namespace that have the mas.ibm.com/job-cleanup-group with this value | ||
| will be considered to belong to the same cleanup group. All but the most recent (i.e. with the latest "creation_timestamp") | ||
| Jobs will be automatically deleted. | ||
|
|
||
| $_job_cleanup_group can usually just be based on $_job_name_prefix. There are some special cases | ||
| where multiple Jobs are created in our templates using a Helm loop. In those cases, additional descriminators | ||
| must be added to $_job_cleanup_group. | ||
|
|
||
| By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators | ||
| are required here. | ||
|
|
||
| */}} | ||
| {{- $_job_cleanup_group := cat $_job_name_prefix | sha1sum }} | ||
|
|
||
|
|
||
| --- | ||
| apiVersion: batch/v1 | ||
| kind: Job | ||
| metadata: | ||
| name: {{ $_job_name }} | ||
| namespace: mas-{{ .Values.instance_id }}-syncres | ||
| annotations: | ||
| argocd.argoproj.io/sync-wave: "00" | ||
| labels: | ||
| mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} | ||
| {{- if .Values.custom_labels }} | ||
| {{ .Values.custom_labels | toYaml | indent 4 }} | ||
| {{- end }} | ||
| spec: | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: "sync-job" | ||
| {{- if .Values.custom_labels }} | ||
| {{ .Values.custom_labels | toYaml | indent 8 }} | ||
| {{- end }} | ||
| spec: | ||
| containers: | ||
| - name: preinstall-mas-rbac | ||
| image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} | ||
| imagePullPolicy: IfNotPresent | ||
| env: | ||
| - name: MAS_INSTANCE_ID | ||
| value: "{{ .Values.instance_id }}" | ||
| - name: MAS_VERSION | ||
| value: "{{ .Values.mas_channel }}" | ||
| command: | ||
| - /bin/sh | ||
| - -c | ||
| - | | ||
| set -e | ||
|
|
||
| echo "" | ||
| echo "================================================================================" | ||
| echo "Applying Pre-Install MAS RBAC (Cluster Mode)" | ||
| echo "================================================================================" | ||
|
|
||
| mas-devops-apply-preinstall-rbac-for-saas \ | ||
| --mas-instance-id "${MAS_INSTANCE_ID}" \ | ||
| --mas-version "${MAS_VERSION}" \ | ||
| --admin-mode "cluster" | ||
|
|
||
| rc=$? | ||
| echo "preinstall_mas_rbac rc=${rc}" | ||
| [ $rc -ne 0 ] && exit $rc | ||
| exit 0 | ||
|
|
||
| restartPolicy: Never | ||
| serviceAccountName: preinstall-mas-rbac-job | ||
| backoffLimit: 4 | ||
| {{- end }} | ||
| {{- end }} | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.