From e083b9119114e2d2ef9199f8e3fd41b956e0019f Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Fri, 23 Aug 2024 12:26:28 +0200 Subject: [PATCH 1/5] [Casc]: Moving to shared lib and preparing different configuration of shared lib for ha vs none-ha --- blueprints/02-at-scale/cbci/casc/mc/ha/bundle.yaml | 2 ++ blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml | 10 ++++++++++ .../cbci/casc/mc/ha/variables/variables.yaml | 4 ++++ .../02-at-scale/cbci/casc/mc/none-ha/bundle.yaml | 2 ++ .../02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml | 10 ++++++++++ .../cbci/casc/mc/none-ha/variables/variables.yaml | 4 ++++ .../02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml | 10 ---------- .../cbci/casc/mc/parent/variables/variables.yaml | 4 +--- blueprints/02-at-scale/cbci/casc/oc/items/root.yaml | 4 ++-- .../02-at-scale/cbci/casc/oc/variables/variables.yaml | 2 +- blueprints/02-at-scale/k8s/cbci-values.yml | 2 +- 11 files changed, 37 insertions(+), 17 deletions(-) create mode 100644 blueprints/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml create mode 100644 blueprints/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml diff --git a/blueprints/02-at-scale/cbci/casc/mc/ha/bundle.yaml b/blueprints/02-at-scale/cbci/casc/mc/ha/bundle.yaml index dbb47c13..59927d65 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/ha/bundle.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/ha/bundle.yaml @@ -7,3 +7,5 @@ allowCapExceptions: true jcascMergeStrategy: "errorOnConflict" jcasc: - jcasc +variables: + - variables diff --git a/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml index b5dbc48f..16875536 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml @@ -1,3 +1,13 @@ unclassified: globalDefaultFlowDurabilityLevel: durabilityHint: MAX_SURVIVABILITY + globalLibraries: + libraries: + - defaultVersion: ${sharedLibBranch} + name: "common" + retriever: + modernSCM: + libraryPath: ${sharedLibPath} + scm: + git: + remote: ${sharedLibRepo} \ No newline at end of file diff --git a/blueprints/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml new file mode 100644 index 00000000..8f322f47 --- /dev/null +++ b/blueprints/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml @@ -0,0 +1,4 @@ +variables: + - sharedLibRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" + - sharedLibBranch: shared-lib + - sharedLibPath: "blueprints/02-at-scale/cbci/shared-lib" diff --git a/blueprints/02-at-scale/cbci/casc/mc/none-ha/bundle.yaml b/blueprints/02-at-scale/cbci/casc/mc/none-ha/bundle.yaml index 750e7631..69ededd1 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/none-ha/bundle.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/none-ha/bundle.yaml @@ -7,3 +7,5 @@ allowCapExceptions: true jcascMergeStrategy: "errorOnConflict" jcasc: - jcasc +variables: + - variables diff --git a/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml index 265cf97b..885d72cc 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml @@ -1,3 +1,13 @@ unclassified: globalDefaultFlowDurabilityLevel: durabilityHint: PERFORMANCE_OPTIMIZED + globalLibraries: + libraries: + - defaultVersion: ${sharedLibBranch} + name: "common" + retriever: + modernSCM: + libraryPath: ${sharedLibPath} + scm: + git: + remote: ${sharedLibRepo} diff --git a/blueprints/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml new file mode 100644 index 00000000..8f322f47 --- /dev/null +++ b/blueprints/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml @@ -0,0 +1,4 @@ +variables: + - sharedLibRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" + - sharedLibBranch: shared-lib + - sharedLibPath: "blueprints/02-at-scale/cbci/shared-lib" diff --git a/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml index 301da1c9..11966cd9 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/parent/jcasc/main.yaml @@ -38,16 +38,6 @@ unclassified: endpoint: ${ot_endpoint} cascItemsConfiguration: variableInterpolationEnabledForAdmin: true - globalLibraries: - libraries: - - defaultVersion: ${sharedLibBranch} - name: "common" - retriever: - modernSCM: - libraryPath: ${sharedLibPath} - scm: - git: - remote: ${sharedLibRepo} aws: awsCredentials: region: "${sec_awsRegion}" diff --git a/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml index 429fcc4d..76d47a05 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml @@ -2,6 +2,4 @@ variables: - ot_endpoint: "http://tempo.kube-prometheus-stack.svc.cluster.local:4317" - s3bucketPreffix: "cbci" - regSecretsName: "cbci-sec-reg" - - sharedLibRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - - sharedLibBranch: develop - - sharedLibPath: "blueprints/02-at-scale/cbci/shared-lib" + diff --git a/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml b/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml index 18c4dce4..b1c13a3b 100644 --- a/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml +++ b/blueprints/02-at-scale/cbci/casc/oc/items/root.yaml @@ -53,7 +53,7 @@ items: "cloudbees.prometheus": "true" properties: - configurationAsCode: - bundle: "develop/none-ha" + bundle: "shared-lib/none-ha" # Casc, HA - kind: managedController name: team-c-ha @@ -100,4 +100,4 @@ items: "cloudbees.prometheus": "true" properties: - configurationAsCode: - bundle: "develop/ha" + bundle: "shared-lib/ha" diff --git a/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml b/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml index 82f69637..358c559c 100644 --- a/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml +++ b/blueprints/02-at-scale/cbci/casc/oc/variables/variables.yaml @@ -1,7 +1,7 @@ variables: - message: "Welcome to the CloudBees CI blueprint add-on: At scale!" - cascRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - - cascBranch: develop + - cascBranch: shared-lib - cascPathController: "/blueprints/02-at-scale/cbci/casc/mc/" - ldapManagerDN: "cn=admin,dc=acme,dc=org" - ldapRootDN: "dc=acme,dc=org" diff --git a/blueprints/02-at-scale/k8s/cbci-values.yml b/blueprints/02-at-scale/k8s/cbci-values.yml index e0062df8..36265238 100644 --- a/blueprints/02-at-scale/k8s/cbci-values.yml +++ b/blueprints/02-at-scale/k8s/cbci-values.yml @@ -16,7 +16,7 @@ OperationsCenter: Retriever: Enabled: true scmRepo: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git" - scmBranch: develop + scmBranch: shared-lib scmBundlePath: blueprints/02-at-scale/cbci/casc/oc scmPollingInterval: PT20M Persistence: From 1096aaf47d815322bde03b7302ce5cfdc5dfb72c Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Fri, 23 Aug 2024 12:27:11 +0200 Subject: [PATCH 2/5] Replace App by WL and adding new files for sed --- Makefile | 15 +++++++-------- blueprints/helpers.sh | 11 +++++++---- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 1435bc7c..64ae3cc4 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ BP_AGENT_USER := bp-agent MKFILEDIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) CBCI_REPO ?= https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git CBCI_BRANCH ?= main -DESTROY_ONLY_APPS ?= false +DESTROY_WL_ONLY ?= false define helpers source blueprints/helpers.sh && $(1) @@ -57,18 +57,17 @@ endif @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Validation target finished succesfully.") .PHONY: destroy -destroy: ## Destroy Terraform Blueprint passed as parameter. Example: ROOT=02-at-scale make destroy -destroy: tfChecks agentCheck +destroy: ## Destroy Terraform Blueprint passed as parameter. Example: [DESTROY_ONLY_WL=false] ROOT=02-at-scale make destroy +destroy: tfChecks agentCheck guard-DESTROY_WL_ONLY ifeq ($(CI),false) - @$(call helpers,ask-confirmation "Destroy $(ROOT)") + @$(call helpers,ask-confirmation "Destroy $(ROOT) with Destroy Workloads Only=$(DESTROY_ONLY_WL)") endif -ifeq ($(DESTROY_ONLY_APPS),false) +ifeq ($(DESTROY_WL_ONLY),false) @$(call helpers,tf-destroy $(ROOT)) - @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Destroy target finished succesfully. Mode: ALL") else - @$(call helpers,tf-destroy-apps $(ROOT)) - @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Destroy ONLY APPS target finished succesfully. Mode: ONLY APPS") + @$(call helpers,tf-destroy-wl $(ROOT)) endif + @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Destroy target finished succesfully. Destroy Workloads Only=$(DESTROY_ONLY_WL)") .PHONY: clean clean: ## Clean Blueprint passed as parameter. Example: ROOT=02-at-scale make clean diff --git a/blueprints/helpers.sh b/blueprints/helpers.sh index be7bc8dc..4bb862b1 100755 --- a/blueprints/helpers.sh +++ b/blueprints/helpers.sh @@ -91,17 +91,17 @@ tf-apply () { tf-destroy () { local root="$1" export TF_LOG_PATH="$SCRIPTDIR/$root/terraform.log" - tf-destroy-apps "$root" + tf-destroy-wl "$root" retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks -auto-approve" retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -auto-approve" rm -f "$SCRIPTDIR/$root/terraform.output" } -tf-destroy-apps () { +tf-destroy-wl () { local root="$1" export TF_LOG_PATH="$SCRIPTDIR/$root/terraform.log" retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addon_cbci -auto-approve" - retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addons -auto-approve" + #retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addons -auto-approve" } probes () { @@ -199,10 +199,13 @@ set-cbci-location () { #Repo sed -i "s|scmRepo: .*|scmRepo: \"$repo\"|g" "$SCRIPTDIR/02-at-scale/k8s/cbci-values.yml" sed -i "s|scmCascMmStore: .*|scmCascMmStore: \"$repo\"|g" "$SCRIPTDIR/02-at-scale/cbci/casc/oc/variables/variables.yaml" + sed -i "s|sharedLibRepo: .*|sharedLibRepo: \"$repo\"|g" "$SCRIPTDIR/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml" + sed -i "s|sharedLibRepo: .*|sharedLibRepo: \"$repo\"|g" "$SCRIPTDIR/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml" #Branch sed -i "s|scmBranch: .*|scmBranch: $branch|g" "$SCRIPTDIR/02-at-scale/k8s/cbci-values.yml" sed -i "s|cascBranch: .*|cascBranch: $branch|g" "$SCRIPTDIR/02-at-scale/cbci/casc/oc/variables/variables.yaml" - sed -i "s|sharedLibBranch: .*|sharedLibBranch: $branch|g" "$SCRIPTDIR/02-at-scale/cbci/casc/mc/parent/variables/variables.yaml" + sed -i "s|sharedLibBranch: .*|sharedLibBranch: $branch|g" "$SCRIPTDIR/02-at-scale/cbci/casc/mc/ha/variables/variables.yaml" + sed -i "s|sharedLibBranch: .*|sharedLibBranch: $branch|g" "$SCRIPTDIR/02-at-scale/cbci/casc/mc/none-ha/variables/variables.yaml" sed -i "s|bundle: \".*/none-ha\"|bundle: \"$branch/none-ha\"|g" "$SCRIPTDIR/02-at-scale/cbci/casc/oc/items/root.yaml" sed -i "s|bundle: \".*/ha\"|bundle: \"$branch/ha\"|g" "$SCRIPTDIR/02-at-scale/cbci/casc/oc/items/root.yaml" } From ef430315aa51ca96c288d156e6b28ff32ddd6c88 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Fri, 23 Aug 2024 12:54:57 +0200 Subject: [PATCH 3/5] fixing destroy only workload --- Makefile | 6 +++--- blueprints/helpers.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 64ae3cc4..90263be1 100644 --- a/Makefile +++ b/Makefile @@ -57,17 +57,17 @@ endif @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Validation target finished succesfully.") .PHONY: destroy -destroy: ## Destroy Terraform Blueprint passed as parameter. Example: [DESTROY_ONLY_WL=false] ROOT=02-at-scale make destroy +destroy: ## Destroy Terraform Blueprint passed as parameter. Example: [DESTROY_WL_ONLY=false] ROOT=02-at-scale make destroy destroy: tfChecks agentCheck guard-DESTROY_WL_ONLY ifeq ($(CI),false) - @$(call helpers,ask-confirmation "Destroy $(ROOT) with Destroy Workloads Only=$(DESTROY_ONLY_WL)") + @$(call helpers,ask-confirmation "Destroy $(ROOT) with Destroy Workloads Only=$(DESTROY_WL_ONLY)") endif ifeq ($(DESTROY_WL_ONLY),false) @$(call helpers,tf-destroy $(ROOT)) else @$(call helpers,tf-destroy-wl $(ROOT)) endif - @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Destroy target finished succesfully. Destroy Workloads Only=$(DESTROY_ONLY_WL)") + @$(call helpers,INFO "CloudBees CI Blueprint $(ROOT) Destroy target finished succesfully. Destroy Workloads Only=$(DESTROY_WL_ONLY)") .PHONY: clean clean: ## Clean Blueprint passed as parameter. Example: ROOT=02-at-scale make clean diff --git a/blueprints/helpers.sh b/blueprints/helpers.sh index 4bb862b1..4c28cf3a 100755 --- a/blueprints/helpers.sh +++ b/blueprints/helpers.sh @@ -101,7 +101,7 @@ tf-destroy-wl () { local root="$1" export TF_LOG_PATH="$SCRIPTDIR/$root/terraform.log" retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addon_cbci -auto-approve" - #retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addons -auto-approve" + retry 3 "terraform -chdir=$SCRIPTDIR/$root destroy -target=module.eks_blueprints_addons -auto-approve" } probes () { From e6a8131445be5c628d18b60eccbc369855067022 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Fri, 23 Aug 2024 14:05:52 +0200 Subject: [PATCH 4/5] [Casc]: Different Shared Library configuration for HA vs None HA controllers --- blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml | 9 ++++++++- .../02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml index 16875536..5e0ae815 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/ha/jcasc/main.yaml @@ -7,7 +7,14 @@ unclassified: name: "common" retriever: modernSCM: + clone: true libraryPath: ${sharedLibPath} scm: git: - remote: ${sharedLibRepo} \ No newline at end of file + remote: ${sharedLibRepo} + traits: + - cloneOption: + extension: + depth: 1 + noTags: false + shallow: true diff --git a/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml b/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml index 885d72cc..b413baa0 100644 --- a/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml +++ b/blueprints/02-at-scale/cbci/casc/mc/none-ha/jcasc/main.yaml @@ -11,3 +11,5 @@ unclassified: scm: git: remote: ${sharedLibRepo} + cachingConfiguration: + refreshTimeMinutes: 0 From a1fd84c9650747e6cfaa4b87a95f2e55d9116d3b Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Lopez Date: Fri, 23 Aug 2024 17:51:27 +0200 Subject: [PATCH 5/5] Note about issue #190 --- blueprints/02-at-scale/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/blueprints/02-at-scale/README.md b/blueprints/02-at-scale/README.md index 5b5aead9..8500a167 100644 --- a/blueprints/02-at-scale/README.md +++ b/blueprints/02-at-scale/README.md @@ -235,7 +235,9 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t 6. Select **Test Connection** to verify the inputs are correct. -7. Move to `team-b` or `team-c-ha` to run the Pipeline (**admin > validations > vault-credentials**) and validate that credentials are fetched correctly from the Hashicorp Vault. +7. Move to `team-b` to run the Pipeline (**admin > validations > vault-credentials**) and validate that credentials are fetched correctly from the Hashicorp Vault. + + Known issue [#190](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/190) makes the same pipeline fails in `team-c-ha` > [!NOTE] > Hashicorp Vault can be also be configured to be used for [Configuration as Code - Handling Secrets - Vault](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#hashicorp-vault-secret-source). @@ -272,6 +274,8 @@ HashiCorp Vault is used as a credential provider for CloudBees CI Pipelines in t The `linux-mavenAndKaniko-L` agent template is deployed over on-demand Linux nodes that have smaller instance types versus the `linux-mavenAndKaniko-XL` template that is deployed over Spot Linux nodes that have defined larger instance types. + Known issue [#190](https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon/issues/190) makes the same pipeline fails in `team-c-ha` + - For Windows node pool use: ```sh