Skip to content

Commit 7bd7b7e

Browse files
authored
chore(ci): fix Helm k8s deployments (#3108)
1 parent 5d2be39 commit 7bd7b7e

12 files changed

Lines changed: 74 additions & 59 deletions

.ibm/images/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ENV CI=1 \
88
_X11_NO_MITSHM=1 \
99
_MITSHM=0 \
1010
NODE_PATH=/usr/local/lib/node_modules \
11-
HELM_VERSION="v3.12.3" \
11+
HELM_VERSION="v3.17.2" \
1212
OC_VERSION="4.14.3" \
1313
OCM_VERSION="0.1.76" \
1414
GO_VERSION="1.19" \

.ibm/pipelines/cluster/aks/aks-helm-deployment.sh

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,21 @@ source "$DIR"/utils.sh
66
initiate_aks_helm_deployment() {
77
delete_namespace "${NAME_SPACE_RBAC}"
88
configure_namespace "${NAME_SPACE}"
9+
910
deploy_redis_cache "${NAME_SPACE}"
1011
patch_and_restart "$NAME_SPACE" "deployment" "redis" "${DIR}/cluster/aks/patch/aks-spot-patch.yaml" # Patch Redis deployment to run on spot cluster
12+
1113
uninstall_helmchart "${NAME_SPACE}" "${RELEASE_NAME}"
14+
1215
cd "${DIR}" || exit
1316
local rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
1417
apply_yaml_files "${DIR}" "${NAME_SPACE}" "${rhdh_base_url}"
1518
yq_merge_value_files "merge" "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_AKS_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}"
1619
mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE}"
1720
cp -a "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE}/" # Save the final value-file into the artifacts directory.
21+
22+
setup_image_pull_secret "${NAME_SPACE}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
23+
1824
echo "Deploying image from repository: ${QUAY_REPO}, TAG_NAME: ${TAG_NAME}, in NAME_SPACE: ${NAME_SPACE}"
1925
helm upgrade -i "${RELEASE_NAME}" -n "${NAME_SPACE}" \
2026
"${HELM_CHART_URL}" --version "${CHART_VERSION}" \
@@ -27,16 +33,21 @@ initiate_aks_helm_deployment() {
2733
initiate_rbac_aks_helm_deployment() {
2834
delete_namespace "${NAME_SPACE}"
2935
configure_namespace "${NAME_SPACE_RBAC}"
36+
3037
uninstall_helmchart "${NAME_SPACE_RBAC}" "${RELEASE_NAME_RBAC}"
38+
3139
cd "${DIR}" || exit
3240
local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
3341
apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC}" "${rbac_rhdh_base_url}"
3442
yq_merge_value_files "merge" "${DIR}/value_files/${HELM_CHART_RBAC_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_RBAC_AKS_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}"
3543
mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_RBAC}"
3644
cp -a "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_RBAC}/" # Save the final value-file into the artifacts directory.
45+
46+
setup_image_pull_secret "${NAME_SPACE_RBAC}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
47+
3748
echo "Deploying image from repository: ${QUAY_REPO}, TAG_NAME: ${TAG_NAME}, in NAME_SPACE: ${NAME_SPACE_RBAC}"
3849
helm upgrade -i "${RELEASE_NAME_RBAC}" -n "${NAME_SPACE_RBAC}" \
39-
"${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" \
50+
"${HELM_CHART_URL}" --version "${CHART_VERSION}" \
4051
-f "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" \
4152
--set global.host="${K8S_CLUSTER_ROUTER_BASE}" \
4253
--set upstream.backstage.image.repository="${QUAY_REPO}" \

.ibm/pipelines/cluster/eks/eks-helm-deployment.sh

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,13 @@ source "$DIR"/utils.sh
55

66
initiate_eks_helm_deployment() {
77
echo "Initiating EKS Helm deployment"
8-
8+
99
delete_namespace "${NAME_SPACE_RBAC}"
1010
configure_namespace "${NAME_SPACE}"
1111
deploy_redis_cache "${NAME_SPACE}"
12-
12+
1313
uninstall_helmchart "${NAME_SPACE}" "${RELEASE_NAME}"
14+
1415
cd "${DIR}" || exit
1516

1617
setup_image_pull_secret "${NAME_SPACE}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
@@ -32,10 +33,12 @@ initiate_eks_helm_deployment() {
3233

3334
initiate_rbac_eks_helm_deployment() {
3435
echo "Initiating EKS RBAC Helm deployment"
35-
36+
3637
delete_namespace "${NAME_SPACE}"
3738
configure_namespace "${NAME_SPACE_RBAC}"
39+
3840
uninstall_helmchart "${NAME_SPACE_RBAC}" "${RELEASE_NAME_RBAC}"
41+
3942
cd "${DIR}" || exit
4043

4144
setup_image_pull_secret "${NAME_SPACE_RBAC}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
@@ -47,9 +50,9 @@ initiate_rbac_eks_helm_deployment() {
4750
cp -a "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_RBAC}/" # Save the final value-file into the artifacts directory.
4851
echo "Deploying image from repository: ${QUAY_REPO}, TAG_NAME: ${TAG_NAME}, in NAME_SPACE: ${NAME_SPACE_RBAC}"
4952
helm upgrade -i "${RELEASE_NAME_RBAC}" -n "${NAME_SPACE_RBAC}" \
50-
"${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" \
53+
"${HELM_CHART_URL}" --version "${CHART_VERSION}" \
5154
-f "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" \
5255
--set global.host="${K8S_CLUSTER_ROUTER_BASE}" \
5356
--set upstream.backstage.image.repository="${QUAY_REPO}" \
5457
--set upstream.backstage.image.tag="${TAG_NAME}"
55-
}
58+
}

.ibm/pipelines/cluster/gke/gke-helm-deployment.sh

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,21 @@ source "$DIR"/cluster/gke/manifest.sh
1010
initiate_gke_helm_deployment() {
1111
delete_namespace "${NAME_SPACE_RBAC}"
1212
configure_namespace "${NAME_SPACE}"
13+
1314
deploy_redis_cache "${namespace}"
15+
1416
uninstall_helmchart "${NAME_SPACE}" "${RELEASE_NAME}"
17+
1518
cd "${DIR}" || exit
1619
local rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
1720
apply_yaml_files "${DIR}" "${NAME_SPACE}" "${rhdh_base_url}"
1821
apply_gke_frontend_config "${NAME_SPACE}"
1922
yq_merge_value_files "merge" "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_GKE_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}"
2023
mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE}"
2124
cp -a "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE}/" # Save the final value-file into the artifacts directory.
25+
26+
setup_image_pull_secret "${NAME_SPACE}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
27+
2228
echo "Deploying image from repository: ${QUAY_REPO}, TAG_NAME: ${TAG_NAME}, in NAME_SPACE: ${NAME_SPACE}"
2329
helm upgrade -i "${RELEASE_NAME}" -n "${NAME_SPACE}" \
2430
"${HELM_CHART_URL}" --version "${CHART_VERSION}" \
@@ -32,17 +38,21 @@ initiate_gke_helm_deployment() {
3238
initiate_rbac_gke_helm_deployment() {
3339
delete_namespace "${NAME_SPACE}"
3440
configure_namespace "${NAME_SPACE_RBAC}"
41+
3542
uninstall_helmchart "${NAME_SPACE_RBAC}" "${RELEASE_NAME_RBAC}"
43+
3644
cd "${DIR}" || exit
3745
local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
3846
apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC}" "${rbac_rhdh_base_url}"
3947
apply_gke_frontend_config "${NAME_SPACE_RBAC}"
4048
yq_merge_value_files "merge" "${DIR}/value_files/${HELM_CHART_RBAC_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_RBAC_GKE_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}"
4149
mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_RBAC}"
4250
cp -a "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_RBAC}/" # Save the final value-file into the artifacts directory.
51+
52+
setup_image_pull_secret "${NAME_SPACE_RBAC}" "rh-pull-secret" "${REGISTRY_REDHAT_IO_SERVICE_ACCOUNT_DOCKERCONFIGJSON}"
4353
echo "Deploying image from repository: ${QUAY_REPO}, TAG_NAME: ${TAG_NAME}, in NAME_SPACE: ${NAME_SPACE_RBAC}"
4454
helm upgrade -i "${RELEASE_NAME_RBAC}" -n "${NAME_SPACE_RBAC}" \
45-
"${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" \
55+
"${HELM_CHART_URL}" --version "${CHART_VERSION}" \
4656
-f "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" \
4757
--set global.host="${K8S_CLUSTER_ROUTER_BASE}" \
4858
--set upstream.backstage.image.repository="${QUAY_REPO}" \

.ibm/pipelines/utils.sh

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -908,7 +908,6 @@ rbac_deployment() {
908908

909909
initiate_deployments() {
910910
cd "${DIR}"
911-
install_orchestrator_infra_chart
912911
base_deployment
913912
rbac_deployment
914913
}

.ibm/pipelines/value_files/diff-values_showcase-rbac_AKS.yaml

Lines changed: 15 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -61,26 +61,31 @@ upstream:
6161
# could be changed to a [generic ephemeral volume](https://docs.openshift.com/container-platform/4.13/storage/generic-ephemeral-vols.html#generic-ephemeral-vols-procedure_generic-ephemeral-volumes).
6262
- name: dynamic-plugins-root
6363
emptyDir: {}
64-
- name: rbac-policy
65-
configMap:
66-
defaultMode: 420
67-
name: rbac-policy
68-
- name: rbac-conditions
69-
emptyDir: {}
7064
# Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map.
7165
# The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field.
7266
- name: dynamic-plugins
7367
configMap:
7468
defaultMode: 420
75-
name: dynamic-plugins
69+
name: '{{ printf "%s-dynamic-plugins" .Release.Name }}'
7670
optional: true
7771
# Optional volume that allows exposing the `.npmrc` file (through a `dynamic-plugins-npmrc` secret)
7872
# to be used when running `npm pack` during the dynamic plugins installation by the initContainer.
7973
- name: dynamic-plugins-npmrc
8074
secret:
8175
defaultMode: 420
8276
optional: true
83-
secretName: dynamic-plugins-npmrc
77+
secretName: '{{ printf "%s-dynamic-plugins-npmrc" .Release.Name }}'
78+
- name: dynamic-plugins-registry-auth
79+
secret:
80+
defaultMode: 416
81+
optional: true
82+
secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'
83+
- name: rbac-policy
84+
configMap:
85+
defaultMode: 420
86+
name: rbac-policy
87+
- name: rbac-conditions
88+
emptyDir: {}
8489
extraEnvVarsSecrets:
8590
- rhdh-secrets
8691
podSecurityContext:
@@ -138,4 +143,5 @@ upstream:
138143
ingress:
139144
enabled: true
140145
className: webapprouting.kubernetes.azure.com
141-
host: ''
146+
host: ''
147+
orchestrator: null

.ibm/pipelines/value_files/diff-values_showcase-rbac_EKS.yaml

Lines changed: 8 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -117,30 +117,18 @@ upstream:
117117
secretKeyRef:
118118
key: postgres-password
119119
name: '{{ .Release.Name }}-postgresql'
120-
# Tolerations and affinity needed to be scheduled on a spot EKS cluster. Only `postgresql` require it.
121-
tolerations:
122-
- key: "kubernetes.aws.com/spot"
123-
operator: "Equal"
124-
value: "true"
125-
effect: "NoSchedule"
126-
affinity:
127-
nodeAffinity:
128-
preferredDuringSchedulingIgnoredDuringExecution:
129-
- weight: 1
130-
preference:
131-
matchExpressions:
132-
- key: "kubernetes.aws.com/spot"
133-
operator: In
134-
values:
135-
- "true"
136120
volumePermissions:
137121
enabled: true
122+
service:
123+
# NodePort is required for the ALB to route to the Service
124+
type: NodePort
138125
ingress:
139126
enabled: true
140-
className: alb
141127
annotations:
142128
kubernetes.io/ingress.class: alb
143129
alb.ingress.kubernetes.io/scheme: internet-facing
144-
alb.ingress.kubernetes.io/target-type: ip
145-
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
146-
host: ''
130+
alb.ingress.kubernetes.io/certificate-arn: $EKS_DOMAIN_NAME_CERTIFICATE_ARN
131+
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
132+
alb.ingress.kubernetes.io/ssl-redirect: '443'
133+
external-dns.alpha.kubernetes.io/hostname: $EKS_INSTANCE_DOMAIN_NAME
134+
orchestrator: null

.ibm/pipelines/value_files/diff-values_showcase-rbac_GKE.yaml

Lines changed: 15 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -61,26 +61,31 @@ upstream:
6161
# could be changed to a [generic ephemeral volume](https://docs.openshift.com/container-platform/4.13/storage/generic-ephemeral-vols.html#generic-ephemeral-vols-procedure_generic-ephemeral-volumes).
6262
- name: dynamic-plugins-root
6363
emptyDir: {}
64-
- name: rbac-policy
65-
configMap:
66-
defaultMode: 420
67-
name: rbac-policy
68-
- name: rbac-conditions
69-
emptyDir: {}
7064
# Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map.
7165
# The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field.
7266
- name: dynamic-plugins
7367
configMap:
7468
defaultMode: 420
75-
name: dynamic-plugins
69+
name: '{{ printf "%s-dynamic-plugins" .Release.Name }}'
7670
optional: true
7771
# Optional volume that allows exposing the `.npmrc` file (through a `dynamic-plugins-npmrc` secret)
7872
# to be used when running `npm pack` during the dynamic plugins installation by the initContainer.
7973
- name: dynamic-plugins-npmrc
8074
secret:
8175
defaultMode: 420
8276
optional: true
83-
secretName: dynamic-plugins-npmrc
77+
secretName: '{{ printf "%s-dynamic-plugins-npmrc" .Release.Name }}'
78+
- name: dynamic-plugins-registry-auth
79+
secret:
80+
defaultMode: 416
81+
optional: true
82+
secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'
83+
- name: rbac-policy
84+
configMap:
85+
defaultMode: 420
86+
name: rbac-policy
87+
- name: rbac-conditions
88+
emptyDir: {}
8489
extraEnvVarsSecrets:
8590
- rhdh-secrets
8691
podSecurityContext:
@@ -129,4 +134,5 @@ upstream:
129134
kubernetes.io/ingress.global-static-ip-name: rhdh-static-ip
130135
ingress.gcp.kubernetes.io/pre-shared-cert: ""
131136
networking.gke.io/v1beta1.FrontendConfig: rhdh-gke-ingress-security-config
132-
className: gce
137+
className: gce
138+
orchestrator: null

.ibm/pipelines/value_files/diff-values_showcase_AKS.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,3 +44,4 @@ upstream:
4444
enabled: true
4545
className: webapprouting.kubernetes.azure.com
4646
host: ''
47+
orchestrator: null

.ibm/pipelines/value_files/diff-values_showcase_EKS.yaml

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,6 @@ upstream:
2424
podSecurityContext:
2525
enabled: true
2626
fsGroup: 3000
27-
# Tolerations and affinity needed to be scheduled on a spot EKS cluster. Only `postgresql` require it.
28-
tolerations:
29-
- key: "kubernetes.aws.com/spot"
30-
operator: "Equal"
31-
value: "true"
32-
effect: "NoSchedule"
3327
volumePermissions:
3428
enabled: true
3529
service:
@@ -44,3 +38,4 @@ upstream:
4438
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
4539
alb.ingress.kubernetes.io/ssl-redirect: '443'
4640
external-dns.alpha.kubernetes.io/hostname: $EKS_INSTANCE_DOMAIN_NAME
41+
orchestrator: null

0 commit comments

Comments
 (0)