-
Notifications
You must be signed in to change notification settings - Fork 34
Open
Labels
kind/internalTask that doesn't affect users directlyTask that doesn't affect users directly
Description
From the epic:
Variable mess
They should be, ideally, tied to the related k8s objects, but they’re global
deployment/playbooks/deploy.yml
Lines 8 to 71 in 848a1dd
| vars: | |
| validate_certs: true | |
| service: "{{ lookup('env', 'SERVICE') | default('packit', True) }}" | |
| deployment: "{{ lookup('env', 'DEPLOYMENT') }}" | |
| tenant: packit # MP+ tenant | |
| with_tokman: true | |
| with_fedmsg: true | |
| kv_database: "redict" | |
| with_kv_database: true | |
| with_redis_commander: false | |
| with_flower: false | |
| with_dashboard: true | |
| with_beat: true | |
| with_pushgateway: true | |
| with_repository_cache: true | |
| repository_cache_storage: 4Gi | |
| push_dev_images: false | |
| with_fluentd_sidecar: false | |
| postgres_version: 13 | |
| image: quay.io/packit/packit-service:{{ deployment }} | |
| image_worker: quay.io/packit/packit-worker:{{ deployment }} | |
| image_fedmsg: quay.io/packit/packit-service-fedmsg:{{ deployment }} | |
| image_dashboard: quay.io/packit/dashboard:{{ deployment }} | |
| image_tokman: quay.io/packit/tokman:{{ deployment }} | |
| image_fluentd: quay.io/packit/fluentd-splunk-hec:latest | |
| # project_dir is set in tasks/project-dir.yml | |
| path_to_secrets: "{{ project_dir }}/secrets/{{ service }}/{{ deployment }}" | |
| # to be used in Image streams as importPolicy:scheduled value | |
| auto_import_images: true | |
| # used in dev/zuul deployment to tag & push images to cluster | |
| # https://github.com/packit/deployment/issues/112#issuecomment-673343049 | |
| # container_engine: "{{ lookup('pipe', 'command -v podman 2> /dev/null || echo docker') }}" | |
| container_engine: docker | |
| celery_app: packit_service.worker.tasks | |
| celery_retry_limit: 2 | |
| celery_retry_backoff: 3 | |
| workers_all_tasks: 1 | |
| workers_short_running: 0 | |
| workers_long_running: 0 | |
| distgit_url: https://src.fedoraproject.org/ | |
| distgit_namespace: rpms | |
| sourcegit_namespace: "" # fedora-source-git only | |
| pushgateway_address: http://pushgateway | |
| # Check that the deployment repo is up-to-date | |
| check_up_to_date: true | |
| # Check that the current vars file is up-to-date with the template | |
| check_vars_template_diff: true | |
| deployment_repo_url: https://github.com/packit/deployment.git | |
| # used by a few tasks below | |
| k8s_apply: true | |
| tokman: | |
| workers: 1 | |
| resources: | |
| requests: | |
| memory: "88Mi" | |
| cpu: "5m" | |
| limits: | |
| memory: "128Mi" | |
| cpu: "50m" | |
| appcode: PCKT-002 | |
| servicephase: lab | |
| costcenter: "700" | |
| registry: 172.30.1.1:5000 | |
| registry_user: developer |
- global variables (API, project, etc.) should be global…
- deployment-specific variables (resources for workers, scaling of workers, etc.) should be deployment-specific; related to the next point
Tight coupling of k8s definitions
deployment/openshift/packit-service.yml.j2
Lines 148 to 208 in 848a1dd
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: packit-service | |
| {% if managed_platform %} | |
| labels: | |
| paas.redhat.com/appcode: {{ appcode }} | |
| {% endif %} | |
| spec: | |
| ports: | |
| - name: prod-packit | |
| port: 443 | |
| protocol: TCP | |
| targetPort: 8443 | |
| selector: | |
| component: packit-service | |
| --- | |
| kind: Route | |
| apiVersion: route.openshift.io/v1 | |
| metadata: | |
| name: packit-service | |
| {% if managed_platform %} | |
| labels: | |
| paas.redhat.com/appcode: {{ appcode }} | |
| shard: external | |
| {% endif %} | |
| spec: | |
| # for local deployment (dev) creates default route for testing. | |
| # e.g https://packit-service-myproject.127.0.0.1.nip.io/ | |
| # For dev/prod creates host {dev,prod}.packit.dev | |
| {% if deployment != 'dev' %} | |
| host: "{{ deployment }}.{{ service+'.' if service != 'packit' else '' }}packit.dev" | |
| {% endif %} | |
| port: | |
| targetPort: prod-packit | |
| to: | |
| kind: Service | |
| name: packit-service | |
| tls: | |
| # not sure about this one, whether we should do it in httpd or here | |
| insecureEdgeTerminationPolicy: Redirect | |
| termination: passthrough | |
| --- | |
| kind: ImageStream | |
| apiVersion: image.openshift.io/v1 | |
| metadata: | |
| name: packit-service | |
| spec: | |
| tags: | |
| - name: {{ deployment }} | |
| from: | |
| kind: DockerImage | |
| name: {{ image }} | |
| importPolicy: | |
| # Periodically query registry to synchronize tag and image metadata. | |
| scheduled: {{ auto_import_images }} | |
| lookupPolicy: | |
| # allows all resources pointing to this image stream to use it in the image field | |
| local: true |
right now everything per deployment is in one file (deployment, route, volume, etc.); splitting up could result in less frequent redeployment on the OpenShift side when deploying manually (also allows for better “monitoring” ok/changed), but at the same time implodes the amount of k8s definitions in the repository (better directory structure would be definitely needed)
Metadata
Metadata
Assignees
Labels
kind/internalTask that doesn't affect users directlyTask that doesn't affect users directly
Type
Projects
Status
backlog