Factor out one of the OpenShift deployments to a role to have a better idea of the results of the complete refactor #619

Open
Tracked by #616
mfocko opened this issue Nov 28, 2024 · 0 comments
Labels
kind/internal Doesn't affect users directly, may be e.g. infrastructure, DB related.

mfocko commented Nov 28, 2024

From the epic:

Variable mess

They should be, ideally, tied to the related k8s objects, but they’re global

```yaml
vars:
  validate_certs: true
  service: "{{ lookup('env', 'SERVICE') | default('packit', True) }}"
  deployment: "{{ lookup('env', 'DEPLOYMENT') }}"
  tenant: packit # MP+ tenant
  with_tokman: true
  with_fedmsg: true
  kv_database: "redict"
  with_kv_database: true
  with_redis_commander: false
  with_flower: false
  with_dashboard: true
  with_beat: true
  with_pushgateway: true
  with_repository_cache: true
  repository_cache_storage: 4Gi
  push_dev_images: false
  with_fluentd_sidecar: false
  postgres_version: 13
  image: quay.io/packit/packit-service:{{ deployment }}
  image_worker: quay.io/packit/packit-worker:{{ deployment }}
  image_fedmsg: quay.io/packit/packit-service-fedmsg:{{ deployment }}
  image_dashboard: quay.io/packit/dashboard:{{ deployment }}
  image_tokman: quay.io/packit/tokman:{{ deployment }}
  image_fluentd: quay.io/packit/fluentd-splunk-hec:latest
  # project_dir is set in tasks/project-dir.yml
  path_to_secrets: "{{ project_dir }}/secrets/{{ service }}/{{ deployment }}"
  # to be used in Image streams as importPolicy:scheduled value
  auto_import_images: true
  # used in dev/zuul deployment to tag & push images to cluster
  # https://github.com/packit/deployment/issues/112#issuecomment-673343049
  # container_engine: "{{ lookup('pipe', 'command -v podman 2> /dev/null || echo docker') }}"
  container_engine: docker
  celery_app: packit_service.worker.tasks
  celery_retry_limit: 2
  celery_retry_backoff: 3
  workers_all_tasks: 1
  workers_short_running: 0
  workers_long_running: 0
  distgit_url: https://src.fedoraproject.org/
  distgit_namespace: rpms
  sourcegit_namespace: "" # fedora-source-git only
  pushgateway_address: http://pushgateway
  # Check that the deployment repo is up-to-date
  check_up_to_date: true
  # Check that the current vars file is up-to-date with the template
  check_vars_template_diff: true
  deployment_repo_url: https://github.com/packit/deployment.git
  # used by a few tasks below
  k8s_apply: true
  tokman:
    workers: 1
    resources:
      requests:
        memory: "88Mi"
        cpu: "5m"
      limits:
        memory: "128Mi"
        cpu: "50m"
  appcode: PCKT-002
  servicephase: lab
  costcenter: "700"
  registry: 172.30.1.1:5000
  registry_user: developer
```

  • global variables (API, project, etc.) should be global…
  • deployment-specific variables (resources for workers, scaling of workers, etc.) should be deployment-specific; related to the next point

Tight coupling of k8s definitions

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: packit-service
{% if managed_platform %}
  labels:
    paas.redhat.com/appcode: {{ appcode }}
{% endif %}
spec:
  ports:
    - name: prod-packit
      port: 443
      protocol: TCP
      targetPort: 8443
  selector:
    component: packit-service
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: packit-service
{% if managed_platform %}
  labels:
    paas.redhat.com/appcode: {{ appcode }}
    shard: external
{% endif %}
spec:
  # for local deployment (dev) creates default route for testing.
  # e.g https://packit-service-myproject.127.0.0.1.nip.io/
  # For dev/prod creates host {dev,prod}.packit.dev
{% if deployment != 'dev' %}
  host: "{{ deployment }}.{{ service+'.' if service != 'packit' else '' }}packit.dev"
{% endif %}
  port:
    targetPort: prod-packit
  to:
    kind: Service
    name: packit-service
  tls:
    # not sure about this one, whether we should do it in httpd or here
    insecureEdgeTerminationPolicy: Redirect
    termination: passthrough
---
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
  name: packit-service
spec:
  tags:
    - name: {{ deployment }}
      from:
        kind: DockerImage
        name: {{ image }}
      importPolicy:
        # Periodically query registry to synchronize tag and image metadata.
        scheduled: {{ auto_import_images }}
  lookupPolicy:
    # allows all resources pointing to this image stream to use it in the image field
    local: true
```

Right now everything per deployment is in one file (deployment, route, volume, etc.); splitting up could result in less frequent redeployment on the OpenShift side when deploying manually (also allows for better “monitoring” ok/changed), but at the same time implodes the amount of k8s definitions in the repository (better directory structure would be definitely needed).

@mfocko mfocko added the kind/internal Doesn't affect users directly, may be e.g. infrastructure, DB related. label Nov 28, 2024
@mfocko mfocko moved this from new to backlog in Packit Kanban Board Nov 28, 2024
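
A sketch of what the split proposed in the issue could look like for the `packit-service` objects shown above. This is an added example, not code from the packit/deployment repository. The role name `packit_service`, the file paths, the `packit_service_*` variable names, the play-level `project` variable and the use of the `kubernetes.core.k8s` module are assumptions; `deployment`, `validate_certs`, `auto_import_images` and `k8s_apply` are the play-level variables from the issue.

```yaml
---
# roles/packit_service/defaults/main.yml  (hypothetical role and path)
# Role-scoped defaults: only what the packit-service objects need, prefixed
# with the role name so they cannot collide with play-level variables.
packit_service_image: "quay.io/packit/packit-service:{{ deployment }}"
packit_service_auto_import_images: "{{ auto_import_images }}"
# One template per k8s object instead of one file holding all of them.
packit_service_objects:
  - service       # templates/service.yml.j2
  - route         # templates/route.yml.j2
  - imagestream   # templates/imagestream.yml.j2
---
# roles/packit_service/tasks/main.yml  (hypothetical role and path)
- name: Apply packit-service objects one at a time
  kubernetes.core.k8s:
    state: present
    namespace: "{{ project }}"              # assumed global (play-level) variable
    validate_certs: "{{ validate_certs }}"  # stays global, as in the issue
    template: "{{ item }}.yml.j2"           # resolved from the role's templates/
  loop: "{{ packit_service_objects }}"
  loop_control:
    label: "packit-service/{{ item }}"      # ok/changed is reported per object
  when: k8s_apply | bool
```

With one template per object, a change to the Route no longer re-applies the Service or the ImageStream, and the play output shows which object actually changed.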