diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..2c757b0 --- /dev/null +++ b/Makefile @@ -0,0 +1,5 @@ +packit-service-validation-install: + make -C ocp-deployments/packit-service-validation install + +packit-service-validation-dryrun: + make -C ocp-deployments/packit-service-validation dryrun diff --git a/README.md b/README.md index bbac882..89cd744 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ -# udp +# [Unified Openshift Deployment Process](https://docs.google.com/presentation/d/1MlLuuawzxJg6U15zbPby6JAtNNEWZAhfGEWNcpYSWeo) -[Unified Openshift deployment Project](https://docs.google.com/presentation/d/1MlLuuawzxJg6U15zbPby6JAtNNEWZAhfGEWNcpYSWeo) for the [Packit Service Validation](https://github.com/packit/deployment/tree/main/cron-jobs/packit-service-validation). To deploy the *Packit Service Validation* through *Helm* follow this steps: @@ -10,43 +9,51 @@ To deploy the *Packit Service Validation* through *Helm* follow this steps: Helm uses an **image** created through a GitHub action and pushed to Quay.io, the **tag** for this image is the first *7 digit for the commit SHA* of the packit/deployment repo. -To use a new image update the referenced tag [here](https://github.com/packit/udp/blob/main/ocp-deployments/packit-service-validation-prod.yaml#L18). +To use a new image update the referenced tag +[here](https://github.com/packit/udp/blob/main/ocp-deployments/packit-service-validation-prod.yaml#L18). -Copy your OpenShift *API token* from the [PSI Cluster](https://ocp4.psi.redhat.com/) +### Install Helm Chart -``` -git clone https://github.com/packit/udp.git -oc login --token=sha256~.... --server= .... -oc project cyborg -export PACKIT_SENTRY=$( echo -n 'token from bitwarden' | base64 ) -export PACKIT_GITHUB_TOKEN=$( echo -n 'token from bitwarden' | base64 ) -``` +Login to OpenShift cluster and switch to proper project. In case of packit-service validation +it's `cyborg` project @ [PSI Cluster](https://ocp4.psi.redhat.com). -### Install Helm Chart + oc login --token=sha256~.... --server= .... + oc project cyborg + +Get secrets from Bitwarden. +Sentry from `extra-vars.yml` in `secrets-packit-[prod|stg]` item and +GitHub token from `Release/usercont bot` item. + + export SENTRY=$( echo -n 'token from bitwarden' | base64 ) + export GITHUB=$( echo -n 'token from bitwarden' | base64 ) + +#### Install from this repo + + make packit-service-validation-install DEPLOYMENT=[production|staging] + +#### Install from chart repository + +If you're going to use the chart from outside (without having this repo cloned), +you can install the chart from our chart repository. You just need to have a file +with keys overriding those defined in `values.yaml` with `~` value. + + helm repo add packit https://helm.packit.dev + helm repo update + helm upgrade --install --cleanup-on-fail packit-service-validation packit/packit-service-validation --set secrets.sentry=${SENTRY} --set secrets.github=${GITHUB} --values your-values-file.yaml -#### From this repo -``` -helm upgrade --install --cleanup-on-fail packit-service-validation ocp-helm-charts/packit-service-validation/ --set secrets.sentry=${PACKIT_SENTRY} --set secrets.github=${PACKIT_GITHUB_TOKEN} --values ocp-deployments/packit-service-validation-prod.yaml -``` +### Render templates -#### From chart repository -``` -helm repo add packit https://helm.packit.dev -helm repo update -helm upgrade --install --cleanup-on-fail packit-service-validation packit/packit-service-validation --set secrets.sentry=${PACKIT_SENTRY} --set secrets.github=${PACKIT_GITHUB_TOKEN} --values ocp-deployments/packit-service-validation-prod.yaml -``` +If you just want to see how the rendered templates would look like: -### Uninstall Helm Chart -``` -helm uninstall packit-service-validation -``` + make packit-service-validation-dryrun DEPLOYMENT=[production|staging] ### Releases -There's a [release workflow](.github/workflows/release.yml) to automate releasing the Helm charts. -It uses [Helm Chart Releaser Action](https://github.com/marketplace/actions/helm-chart-releaser) +There's a [release workflow](https://github.com/packit/udp/blob/main/.github/workflows/release.yml) +to automate releasing the Helm charts. It uses +[Helm Chart Releaser Action](https://github.com/marketplace/actions/helm-chart-releaser) which turns this project into a self-hosted Helm chart repository. It does this – during every push to `main` – by checking each chart in the project, and whenever there's a new chart version, creates a corresponding GitHub release named for the chart version, adds Helm chart artifacts to the release, and creates or updates an `index.yaml` file with metadata about those releases, -which is then hosted on GitHub Pages at https://helm.packit.dev. +which is then hosted on GitHub Pages at [helm.packit.dev](https://helm.packit.dev). diff --git a/ocp-deployments/packit-service-validation-prod.yaml b/ocp-deployments/packit-service-validation-prod.yaml deleted file mode 100644 index 3651301..0000000 --- a/ocp-deployments/packit-service-validation-prod.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# This name will be displayed as an app name in the OpenShift -app_name: packit-service-validation -# The OpenShift project name -oc_namespace: cyborg - -# Cron job name -cronjob_name: packit-service-validation - -# Container name -container: - name: run-validation - -# The image that will be used for deployment -image: - # Image repository without a tag - repo: quay.io/packit/packit-service-validation - # Image tag - tag: 4d37da0 - -# The git repository from which code will be built -git: - uri: https://github.com/packit/deployment.git - -# App environment variables -env_variables: - github_token: - name: packit-github-token - key: token - sentry_secret: - name: packit-sentry - key: sentry - deployment: - value: production - -# Cron job parameters -cron: - # Schedule - # runs every day at 4 a.m. - schedule: "0 4 * * *" - concurrencyPolicy: "Allow" - startingDeadlineSeconds: 14400 - suspend: false - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - -# Pod resources requested and maximum -resources: - limits: - cpu: "100m" - memory: "80Mi" - -# Secrets -secrets: - sentry: ~ - github: ~ diff --git a/ocp-deployments/packit-service-validation/Makefile b/ocp-deployments/packit-service-validation/Makefile new file mode 100644 index 0000000..976c104 --- /dev/null +++ b/ocp-deployments/packit-service-validation/Makefile @@ -0,0 +1,7 @@ +DEPLOYMENT ?= production + +install: + helm upgrade $(EXTRA_OPTIONS) --install --cleanup-on-fail packit-$(DEPLOYMENT)-validation ../../ocp-helm-charts/packit-service-validation/ --set secrets.sentry=${SENTRY} --set secrets.github=${GITHUB} --values $(DEPLOYMENT).yaml + +dryrun: + make install EXTRA_OPTIONS="--debug --dry-run" diff --git a/ocp-deployments/packit-service-validation/production.yaml b/ocp-deployments/packit-service-validation/production.yaml new file mode 100644 index 0000000..9b7d85c --- /dev/null +++ b/ocp-deployments/packit-service-validation/production.yaml @@ -0,0 +1,4 @@ +deployment: production + +image: + tag: 2c35a8a diff --git a/ocp-deployments/packit-service-validation/staging.yaml b/ocp-deployments/packit-service-validation/staging.yaml new file mode 100644 index 0000000..a10eadf --- /dev/null +++ b/ocp-deployments/packit-service-validation/staging.yaml @@ -0,0 +1,4 @@ +deployment: staging + +image: + tag: 2c35a8a diff --git a/ocp-helm-charts/packit-service-validation/Chart.yaml b/ocp-helm-charts/packit-service-validation/Chart.yaml index 26aa998..4f31244 100644 --- a/ocp-helm-charts/packit-service-validation/Chart.yaml +++ b/ocp-helm-charts/packit-service-validation/Chart.yaml @@ -2,8 +2,7 @@ apiVersion : v2 name : packit-service-validation description : Helm chart for deploying packit-service-validation app type : application -version : 1.0.0 -appVersion : "1.0.0" +version : 1.1.0 keywords: - python @@ -11,5 +10,5 @@ keywords: - deployment maintainers: - - name : Serhii Turivnyi - email: sturivny@redhat.com + - name: The Packit team + url: https://packit.dev diff --git a/ocp-helm-charts/packit-service-validation/templates/job-run-validation.yml b/ocp-helm-charts/packit-service-validation/templates/job-run-validation.yml index e3a0541..265dbf9 100644 --- a/ocp-helm-charts/packit-service-validation/templates/job-run-validation.yml +++ b/ocp-helm-charts/packit-service-validation/templates/job-run-validation.yml @@ -1,48 +1,32 @@ +# https://docs.openshift.com/container-platform/4.11/rest_api/workloads_apis/cronjob-batch-v1.html apiVersion: batch/v1 kind: CronJob metadata: - name: {{ .Values.cronjob_name }} + name: {{ .Release.Name }} spec: - schedule: "{{ .Values.cron.schedule }}" - concurrencyPolicy: {{ .Values.cron.concurrencyPolicy }} - startingDeadlineSeconds: {{ .Values.cron.startingDeadlineSeconds }} - suspend: {{ .Values.cron.suspend }} - successfulJobsHistoryLimit: {{ .Values.cron.successfulJobsHistoryLimit }} - failedJobsHistoryLimit: {{ .Values.cron.failedJobsHistoryLimit }} + schedule: {{ .Values.cronjob.schedule | quote }} jobTemplate: - metadata: - annotations: - timestamp: {{ now | quote }} - creationTimestamp: null - labels: - app: {{ .Values.app_name }} - deploymentconfig: {{ .Values.app_name }} spec: + activeDeadlineSeconds: {{ .Values.cronjob.activeDeadlineSeconds }} template: - metadata: - annotations: - timestamp: {{ now | quote }} - creationTimestamp: null - labels: - app: {{ .Values.app_name }} - deploymentconfig: {{ .Values.app_name }} spec: containers: - - name: {{ .Values.container.name }} - image: {{ .Values.image.repo }}:{{ .Values.image.tag }} - command: ["python3", "/usr/bin/packit-service-validation.py"] + - name: run-validation + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent env: - name: GITHUB_TOKEN valueFrom: secretKeyRef: - name: {{ .Values.env_variables.github_token.name }} - key: {{ .Values.env_variables.github_token.key }} + name: {{ .Release.Name }}-github + key: token - name: SENTRY_SECRET valueFrom: secretKeyRef: - name: {{ .Values.env_variables.sentry_secret.name }} - key: {{ .Values.env_variables.sentry_secret.key }} + name: {{ .Release.Name }}-sentry + key: dsn - name: DEPLOYMENT - value: {{ .Values.env_variables.deployment.value }} + value: {{ .Values.deployment }} + resources: + {{- toYaml .Values.resources | nindent 14 }} restartPolicy: OnFailure diff --git a/ocp-helm-charts/packit-service-validation/templates/secret-github.yaml b/ocp-helm-charts/packit-service-validation/templates/secret-github.yaml index 8b0ceb2..3d446db 100644 --- a/ocp-helm-charts/packit-service-validation/templates/secret-github.yaml +++ b/ocp-helm-charts/packit-service-validation/templates/secret-github.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: packit-github-token - namespace: {{ .Values.namespace }} + name: {{ .Release.Name }}-github + namespace: {{ .Release.Namespace }} type: Opaque data: token: "{{ .Values.secrets.github }}" diff --git a/ocp-helm-charts/packit-service-validation/templates/secret-sentry.yml b/ocp-helm-charts/packit-service-validation/templates/secret-sentry.yml index f9b9a4f..b3e1636 100644 --- a/ocp-helm-charts/packit-service-validation/templates/secret-sentry.yml +++ b/ocp-helm-charts/packit-service-validation/templates/secret-sentry.yml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: packit-sentry - namespace: {{ .Values.namespace }} + name: {{ .Release.Name }}-sentry + namespace: {{ .Release.Namespace }} type: Opaque data: - sentry: "{{ .Values.secrets.sentry }}" + dsn: "{{ .Values.secrets.sentry }}" diff --git a/ocp-helm-charts/packit-service-validation/values.yaml b/ocp-helm-charts/packit-service-validation/values.yaml index cb9c421..0169b65 100644 --- a/ocp-helm-charts/packit-service-validation/values.yaml +++ b/ocp-helm-charts/packit-service-validation/values.yaml @@ -1,52 +1,27 @@ -# This name will be displayed as an app name in the OpenShift -app_name: packit-service-validation -# The OpenShift project name -oc_namespace: ~ +deployment: ~ -# Cron job name -cronjob_name: packit-service-validation - -# Container name -container: - name: run-validation +# Cron job parameters +cronjob: + # runs every day at 4 a.m. + schedule: "0 4 * * *" + # maximum duration is 4 hours + activeDeadlineSeconds: 14400 -# The image that will be used for deployment +# Container image image: # Image repository without a tag repo: quay.io/packit/packit-service-validation # Image tag tag: ~ -# The git repository from which code will be built -git: - uri: https://github.com/packit/deployment.git - -# App environment variables -env_variables: - github_token: - name: packit-github-token - key: token - sentry_secret: - name: packit-sentry - key: sentry - deployment: - value: production - -# Cron job parameters -cron: - # Schedule - schedule: - concurrencyPolicy: "Allow" - startingDeadlineSeconds: ~ - suspend: false - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - -# Pod resources requested and maximum +# Pod resources maximum resources: limits: cpu: "100m" memory: "80Mi" + requests: + cpu: "100m" + memory: "80Mi" # Secrets secrets: