From 4809d6ff56951ddfdf628d8b88e505b79eba4ea7 Mon Sep 17 00:00:00 2001
From: Jeremy Lewi
Date: Wed, 23 Oct 2024 11:26:57 -0700
Subject: [PATCH] Create a cronjob to autorelease Foyle.
* Use a cronjob to perioidically run hydros to release Foyle.
---
cicd/README.md | 34 +++++++++++++
cicd/releaser/config.yaml | 11 +++++
cicd/releaser/cronjob.yaml | 82 +++++++++++++++++++++++++++++++
cicd/releaser/kustomization.yaml | 14 ++++++
cicd/releaser/namespace.yaml | 4 ++
cicd/releaser/serviceaccount.yaml | 7 +++
6 files changed, 152 insertions(+)
create mode 100644 cicd/README.md
create mode 100644 cicd/releaser/config.yaml
create mode 100644 cicd/releaser/cronjob.yaml
create mode 100644 cicd/releaser/kustomization.yaml
create mode 100644 cicd/releaser/namespace.yaml
create mode 100644 cicd/releaser/serviceaccount.yaml
diff --git a/cicd/README.md b/cicd/README.md
new file mode 100644
index 0000000..4631bdc
--- /dev/null
+++ b/cicd/README.md
@@ -0,0 +1,34 @@
+# Foyle CICD
+
+* We use a cronjob to regularly run [hydros](https://github.com/jlewi/hydros) to release Foyle
+
+```bash
+kustomize build releaser | kubectl apply -f -
+```
+
+## Create one off job
+
+* You can fire off a job from the cron job
+
+```bash {"id":"01JAX9F0VQW4RWK80WNCNANSWD","interactive":"true"}
+kubectl create job --from=cronjob/release-cron one-off-release -n foyle-cicd
+```
+
+```bash {"id":"01JAX9G3MYCXPPHJP06G0CWDPY","interactive":"false"}
+# 1. Check the status of the one-off job and its pods to ensure everything is running correctly.
+kubectl -n foyle-cicd get jobs
+kubectl -n foyle-cicd get pods -n foyle-cicd
+```
+
+```bash
+kubectl -n foyle-cicd get pods -w
+```
+
+* Fetch the logs for the K8s job one-off-release
+* Use gcloud to fetch them from gcloud
+* I noticed that in some k8s the labels k8s-pod weren't attached. I wonder if that happens because the pod and VM didn't live long enough?
+
+```bash {"id":"01JAX9PE1ZQATY0R0RTMVAWSEQ","interactive":"false"}
+# Fetch the logs for the one-off K8s job using gcloud
+gcloud logging read "resource.type=\"k8s_container\" AND labels.\"k8s-pod/batch_kubernetes_io/job-name\"=\"one-off-release\"" --limit=100
+```
\ No newline at end of file
diff --git a/cicd/releaser/config.yaml b/cicd/releaser/config.yaml
new file mode 100644
index 0000000..cdd62c4
--- /dev/null
+++ b/cicd/releaser/config.yaml
@@ -0,0 +1,11 @@
+apiVersion: ""
+kind: ""
+logging:
+ level: info
+ sinks:
+ - json: true
+ path: stderr
+gitHub:
+ appID: 315982
+ privateKey: gcpsecretmanager:///projects/foyle-dev/secrets/foyle-ghapp-key/versions/latest
+workDir: /tmp/hydros_work_dir
diff --git a/cicd/releaser/cronjob.yaml b/cicd/releaser/cronjob.yaml
new file mode 100644
index 0000000..e0314e3
--- /dev/null
+++ b/cicd/releaser/cronjob.yaml
@@ -0,0 +1,82 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: release-cron
+ namespace: foyle-cicd
+spec:
+ schedule: "0 20 * * *"
+ timeZone: "America/Los_Angeles"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ component: hydros
+ spec:
+ initContainers:
+ - name: clone
+ image: us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros
+ command:
+ - /hydros
+ - --config=/config/config.yaml
+ - clone
+ - --repo=https://github.com/jlewi/foyle.git
+ # TODO(https://github.com/jlewi/hydros/issues/89): Update clone to use viper configuration
+ - --ghapp-id=315982
+ - --private-key=gcpsecretmanager:///projects/foyle-dev/secrets/foyle-ghapp-key/versions/latest
+ - --work-dir=/tmp/hydros_work_dir
+ resources:
+ limits:
+ cpu: "4"
+ memory: 4Gi
+ requests:
+ cpu: "4"
+ memory: 4Gi
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ readOnly: true
+ - name: data
+ mountPath: /tmp
+ readOnly: false
+ containers:
+ - image: us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros
+ name: hydros
+ #image: amd64/busybox
+ # command:
+ # - tail
+ # - -f
+ # - /dev/null
+ command:
+ - /hydros
+ - --config=/config/config.yaml
+ - apply
+ - /tmp/hydros_work_dir/github.com/jlewi/foyle/releasing.yaml
+ env:
+ - name: GITHUB_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: github-token-ghcr
+ key: GITHUB_TOKEN
+ resources:
+ limits:
+ cpu: "4"
+ memory: 4Gi
+ requests:
+ cpu: "4"
+ memory: 4Gi
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ readOnly: true
+ - name: data
+ mountPath: /tmp
+ readOnly: false
+ restartPolicy: OnFailure
+ serviceAccountName: foyle-cicd
+ volumes:
+ - name: config
+ configMap:
+ name: config
+ - name: data
+ emptyDir: {}
\ No newline at end of file
diff --git a/cicd/releaser/kustomization.yaml b/cicd/releaser/kustomization.yaml
new file mode 100644
index 0000000..d3797f1
--- /dev/null
+++ b/cicd/releaser/kustomization.yaml
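Review bot: Both `image:` lines in cronjob.yaml (the `clone` init container and the `hydros` container) reference `us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros` with no tag or digest, so every scheduled run pulls whatever `latest` currently resolves to while holding the GitHub App key reference and `GITHUB_TOKEN`. Pinning by digest, e.g. `image: us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros@sha256:<digest>`, would make the release tooling change only through a reviewed commit. The CronJob `spec:` also sets no `concurrencyPolicy`, so a slow run can overlap the next scheduled one; `concurrencyPolicy: Forbid` would keep two releases from racing. Neither container declares a `securityContext`; adding `allowPrivilegeEscalation: false` is worth considering if the hydros image can run without elevated privileges, which is not visible from this patch.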
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: foyle-cicd
+metadata:
+ labels:
+ environment: dev
+resources:
+- namespace.yaml
+- cronjob.yaml
+- serviceaccount.yaml
+configMapGenerator:
+- name: config
+ files:
+ - config.yaml
\ No newline at end of file
diff --git a/cicd/releaser/namespace.yaml b/cicd/releaser/namespace.yaml
new file mode 100644
index 0000000..684e931
--- /dev/null
+++ b/cicd/releaser/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: foyle-cicd
\ No newline at end of file
diff --git a/cicd/releaser/serviceaccount.yaml b/cicd/releaser/serviceaccount.yaml
new file mode 100644
index 0000000..cb48482
--- /dev/null
+++ b/cicd/releaser/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: foyle-cicd
+ namespace: foyle-cicd
+ annotations:
+ iam.gke.io/gcp-service-account: developer@foyle-dev.iam.gserviceaccount.com
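Review bot: The `environment: dev` label in kustomization.yaml sits under the Kustomization's own `metadata:`, which kustomize does not, as far as I know, propagate to the resources it emits, so the Namespace, CronJob and ServiceAccount will probably be applied without it. If the label is meant to land on the deployed objects (for selection or policy scoping), declare it with the top-level `labels:` field instead, e.g. `labels: [{pairs: {environment: dev}}]`. If it is only a marker on the kustomization file itself, a one-line comment saying so would avoid the confusion.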
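Review bot: The `iam.gke.io/gcp-service-account` annotation in serviceaccount.yaml binds the release job to `developer@foyle-dev.iam.gserviceaccount.com`, whose name suggests a general-purpose identity rather than one scoped to releasing; its IAM roles are not visible in this patch. From the manifests, the job appears to need only read access to the `foyle-ghapp-key` secret plus whatever the release itself publishes. A dedicated Google service account limited to those roles would reduce what a misbehaving release pod can reach. A short comment above the annotation naming the roles the job relies on would also help the next reviewer, e.g. `# needs: secretmanager access to foyle-ghapp-key (confirm full list)`.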