slim common and update pattern to pass on openshift 4.17 and 4.18 #60

Merged: 385 commits merged on Mar 25, 2025

dminnear-rh
Contributor

@sauagarwa This PR is a combination of #55 #56 #57 and also includes the following changes:

  1. node feature operand image now based on cluster version
  2. common is updated to latest common (as of today March 20th, 2025)

…sters

Added support to control the scheduler/cluster spec
Actually use adminServiceAccountName for the auto approve job
This should fix the fact that jobs are triggered on unrelated changes
Make sure that the if condition on chart split is not always true
Add some debugging to the chart split action
Otherwise we will get errors during the command as git subtree has
regressed since v2.44.0
Use a specific git version when running git subtree split
Add sudo to apt-get invocation
Add some READMEs in the individual charts
When setting up vault we loop through all the managed clusters and set
up the token so ESO can fetch certain paths in vault. This happens in
the unseal vault ansible job and will fail if one of the managed
clusters is unreachable. This is undesirable because a cluster might
have been shut down on purpose or might be temporarily not reachable
and this is no reason to stop the configuration of vault.

Tested as follows:
1. Deployed mcg on sno1 and sno2. All green.
2. Shut off sno2 so it is unreachable. Observed unseal-cronjob fail (took a while but eventually failed) with:
   ```
   TASK [vault_utils : Fetch remote ansible to remote cluster] ********************
   ok: [localhost] => (item=local-cluster)
   An exception occurred during task execution. To see the full traceback, use -vvv. The error was: urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.sno2.ocplab.ocp', port=6443): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f1e08dd4670>: Failed to establish a new connection: [Errno 110] Connection timed out'))
   failed: [localhost] (item=sno2) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "sno2", "value": {"bearerToken": "eyJhbGciOiJSUzI1...
   ```
3. Imported sno3 into the hub on sno1. Observed unseal-cronjob still fail:
   ```
   TASK [vault_utils : Fetch remote ansible to remote cluster] ********************
   ok: [localhost] => (item=local-cluster)
   An exception occurred during task execution. To see the full traceback, use -vvv. The error was: urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.sno2.ocplab.ocp', port=6443): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fb5d293e0a0>: Failed to establish a new connection: [Errno 110] Connection timed out'))
   failed: [localhost] (item=sno2) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "sno2", "value": {"bearerToken": "ey...
   ok: [localhost] => (item=sno3)
   PLAY RECAP *********************************************************************
   localhost : ok=37 changed=11 unreachable=0 failed=1 skipped=13 rescued=0 ignored=0
   ```
4. After the ignore_errors patch:
   ```
   TASK [vault_utils : Fetch remote ansible to remote cluster] ********************
   ok: [localhost] => (item=local-cluster)
   An exception occurred during task execution. To see the full traceback, use -vvv. The error was: urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.sno2.ocplab.ocp', port=6443): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc4b7805670>: Failed to establish a new connection: [Errno 110] Connection timed out'))
   failed: [localhost] (item=sno2) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "sno2", "value": {"bearerToken": "eyJhb....
   ok: [localhost] => (item=sno3)
   ...ignoring
   # sno2 correctly gets skipped in the subsequent tasks
   ```
   sno3 did manage to login to the vault and everything just worked

Reported-by: François Charette
Skip unreachable spokes when setting up vault
Add no_log to spokes initialization task
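
Added example (not part of this PR or the project's code): the failed-item lines quoted above print the loop item together with its `bearerToken` field, so a check like this one can flag job logs that expose such values and redact them before the log is shared. The sample log lines and the names `find_token_leaks` and `redact` are constructed for illustration.

```python
import re

# "bearerToken": "<value>" as it appears in Ansible's dump of a loop item.
# The closing quote is not required because logs often cut the value short.
TOKEN_FIELD = re.compile(r'"bearerToken"\s*:\s*"([^"\s]*)')
TASK_LINE = re.compile(r'^\s*TASK \[(.+?)\]')
# Result line: status, host, optional "=>", optional loop item label.
RESULT_LINE = re.compile(
    r'^\s*(ok|changed|failed|skipping): \[([^\]]+)\](?: =>)?(?: \(item=([^)]*)\))?')

# Constructed sample modelled on the output quoted above; the token is a placeholder.
SAMPLE_LOG = [
    'TASK [vault_utils : Fetch remote ansible to remote cluster] ***',
    'ok: [localhost] => (item=local-cluster)',
    'failed: [localhost] (item=sno2) => {"ansible_loop_var": "item", "changed": false, '
    '"item": {"key": "sno2", "value": {"bearerToken": "eyJCONSTRUCTED.PLACEHOLDER"}}}',
    'ok: [localhost] => (item=sno3)',
]

def find_token_leaks(lines):
    """Return one finding per log line that exposes a bearerToken value."""
    findings, task = [], None
    for lineno, line in enumerate(lines, start=1):
        header = TASK_LINE.match(line)
        if header:
            task = header.group(1)  # remember which task the results belong to
            continue
        leak = TOKEN_FIELD.search(line)
        if not leak:
            continue
        result = RESULT_LINE.match(line)
        findings.append({
            "line": lineno,
            "task": task,
            "status": result.group(1) if result else None,
            "item": result.group(3) if result else None,
            # Report only metadata about the value, never the value itself.
            "looks_like_jwt": leak.group(1).startswith("eyJ"),
            "exposed_chars": len(leak.group(1)),
        })
    return findings

def redact(line):
    """Replace the token value so the line can be pasted into a ticket."""
    return TOKEN_FIELD.sub('"bearerToken": "<redacted>', line)

if __name__ == "__main__":
    for finding in find_token_leaks(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG[2]))
```
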
This will allow us to work with external CAs out of the box and also it
will allow the framework to be able to use internal gitea instances out of
the box.

Tested as follows:
1. Deployed stock MCG with no changes
2. Changed the MCG repo to one with this patch
3. Observed initContainers to show up on:
   A. namespaced argo on hub
   B. clusterwide argo on spoke
   C. namespaced argo on spoke
4. All applications still worked
5. Deployed mcg from scratch using a branch with this patch (with
   multisource set to false so we're sure we're testing the right common
   bits in the branch)
mbaldessari and others added 26 commits February 7, 2025 11:59
Since ubuntu sometimes has /etc/pki/fwupd with little else in there,
let's just bind mount /etc/pki when /etc/pki/tls exists.
This keeps Fedora-based distros running and should fix this specific
corner case observed on ubuntu.

Co-Authored-By: Akos Eros

Closes: validatedpatterns/medical-diagnosis#130
Do not bind mount /etc/pki blindly
Moved to slimmed down common. Tested there is no diff from upstream:

```
$ diff -urN -x '.git' common ../common
$
```
There is no such field in the operator's CRD and it causes argo to be
outofsync.

```
$ grep -B5 -ir version: config/crd/bases/grafana.integreatly.org_grafanadatasources.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.3
--
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: GrafanaDatasource is the Schema for the grafanadatasources API
        properties:
          apiVersion:
--
                description: plugins
                items:
                  properties:
                    name:
                      type: string
                    version:

$ git lg --grep version config/crd/bases/grafana.integreatly.org_grafanadatasources.yaml
$
```
…mands

Currently, we pass the env var EXTRA_PLAYBOOK_OPTS into our utility container when running
the `pattern-util.sh` script, however, we do not use it anywhere. This commit adds propagation
of the env var to the `ansible-playbook` commands which could make use of it.

As an example, you could set
```sh
export EXTRA_PLAYBOOK_OPTS="-vvv"
```
which would enable verbose logging for any of the ansible playbooks when we run `./pattern.sh make <make_target>`
in any of our pattern repos.
propagate the env var EXTRA_PLAYBOOK_OPTS to our ansible-playbook commands
A few small changes in this commit:
* Update README to reference the `make-common-subtree` script in common rather than MCG repo
* Update README and `make-common-subtree` script to use same default remote name for common subtree
that we use in our `update-common-everywhere` script.
* Update file name for the script to use dashes rather than underscores for consistency
* Update the name of our GH org to `validatedpatterns`
git-subtree-dir: common
git-subtree-mainline: b580b7f
git-subtree-split: 7d184fb
dminnear-rh requested a review from sauagarwa March 20, 2025 19:16
@dminnear-rh
Contributor Author

image

This is from my test run on OpenShift 4.18.2

@dminnear-rh
Contributor Author

image

image

All good in argo as well

@sauagarwa sauagarwa merged commit 136b31e into validatedpatterns:main Mar 25, 2025
1 check passed