feat: Add pre-upgrade jobs to run helm-mapkubeapis #1439

Merged
merged 11 commits into from
Aug 1, 2023
1 change: 1 addition & 0 deletions services/gatekeeper/3.12.0/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
- release.yaml
- constraints.yaml
- constrainttemplates.yaml
- pre-upgrade.yaml
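--- a/services/gatekeeper/3.12.0/pre-upgrade.yaml
+++ b/services/gatekeeper/3.12.0/pre-upgrade.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: gatekeeper-pre-upgrade
+namespace: ${releaseNamespace}
+spec:
+force: true
+prune: true
+wait: true
+interval: 6h
+retryInterval: 1m
+path: ./services/gatekeeper/3.12.0/pre-upgrade
+sourceRef:
+kind: GitRepository
+name: management
+namespace: kommander-flux
+timeout: 1m
+# passing releaseNamespace to 2nd level configuration files for ability to configure namespace correctly in attached clusters
+# Using `substituteFrom` with `substitution-vars` creates 2nd level resources in `kommander` namespace instead of workspace ns
+postBuild:
+substitute:
+releaseNamespace: ${releaseNamespace}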
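Review bot: `interval: 6h` combined with `force: true` means this Kustomization keeps re-applying the Job, while the Job in `pre-upgrade/pre-upgrade.yaml` sets `ttlSecondsAfterFinished: 100`; once the finished Job is garbage-collected, the next reconcile will presumably recreate it and run `helm mapkubeapis` again instead of once before the upgrade. If repeated runs are intended, a comment above `spec:` should say so, e.g. `# Job is re-applied on every reconcile; mapkubeapis is expected to be a no-op once no deprecated APIs remain`. Nothing visible here orders the HelmRelease after this Kustomization, so the "pre-upgrade" guarantee depends on a `dependsOn` outside this section. `wait: true` with `timeout: 1m` also leaves little room for an image pull plus the Helm call. The kubecost and logging-operator `pre-upgrade.yaml` files repeat the same settings.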
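--- a/services/gatekeeper/3.12.0/pre-upgrade/kustomization.yaml
+++ b/services/gatekeeper/3.12.0/pre-upgrade/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pre-upgrade.yaml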
60 changes: 60 additions & 0 deletions services/gatekeeper/3.12.0/pre-upgrade/pre-upgrade.yaml
@@ -0,0 +1,60 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: gatekeeper-pre-upgrade
namespace: ${releaseNamespace}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gatekeeper-pre-upgrade
namespace: ${releaseNamespace}
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list", "update", "patch", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gatekeeper-pre-upgrade
namespace: ${releaseNamespace}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gatekeeper-pre-upgrade
subjects:
- kind: ServiceAccount
name: gatekeeper-pre-upgrade
namespace: ${releaseNamespace}
---
apiVersion: batch/v1
kind: Job
metadata:
name: gatekeeper-pre-upgrade
namespace: ${releaseNamespace}
spec:
ttlSecondsAfterFinished: 100
template:
metadata:
name: gatekeeper-pre-upgrade
spec:
serviceAccountName: gatekeeper-pre-upgrade
restartPolicy: OnFailure
priorityClassName: system-cluster-critical
containers:
- name: kubetools
image: "mesosphere/kommander2-kubetools:${kommanderChartVersion:=v2.6.0-dev}"
command:
- sh
- "-c"
- |-
/bin/bash <<'EOF'
set -o nounset
set -o errexit
set -o pipefail

# TODO: wait for HelmRelease to not be in-progress?

helm mapkubeapis kommander-gatekeeper --namespace ${releaseNamespace}
cbuto marked this conversation as resolved.
EOF
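Review bot: The Role `gatekeeper-pre-upgrade` grants `get`, `watch`, `list`, `update`, `patch` and `create` on every Secret in `${releaseNamespace}`, and the ServiceAccount, Role and RoleBinding remain after the Job finishes, since only the Job carries a TTL. Anything able to run under this ServiceAccount can therefore read and overwrite all Secrets in the namespace, not only Helm release records. Verbs the plugin does not use should be dropped (likely `watch`, to be confirmed against the plugin): `verbs: ["get", "list", "update", "patch", "create"]`. A comment above `rules:` such as `# Helm stores release records as Secrets; mapkubeapis rewrites them, hence write access` would record why the grant exists. The kubecost and logging-operator `pre-upgrade/pre-upgrade.yaml` files carry the same Role.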
1 change: 1 addition & 0 deletions services/kubecost/0.35.1/kustomization.yaml
@@ -1,4 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pre-upgrade.yaml
- kubecost.yaml
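--- a/services/kubecost/0.35.1/pre-upgrade.yaml
+++ b/services/kubecost/0.35.1/pre-upgrade.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: kubecost-pre-upgrade
+namespace: ${releaseNamespace}
+spec:
+force: true
+prune: true
+wait: true
+interval: 6h
+retryInterval: 1m
+path: ./services/kubecost/0.35.1/pre-upgrade
+sourceRef:
+kind: GitRepository
+name: management
+namespace: kommander-flux
+timeout: 1m
+# passing releaseNamespace to 2nd level configuration files for ability to configure namespace correctly in attached clusters
+# Using `substituteFrom` with `substitution-vars` creates 2nd level resources in `kommander` namespace instead of workspace ns
+postBuild:
+substitute:
+releaseNamespace: ${releaseNamespace}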
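--- a/services/kubecost/0.35.1/pre-upgrade/kustomization.yaml
+++ b/services/kubecost/0.35.1/pre-upgrade/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pre-upgrade.yaml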
60 changes: 60 additions & 0 deletions services/kubecost/0.35.1/pre-upgrade/pre-upgrade.yaml
@@ -0,0 +1,60 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubecost-pre-upgrade
namespace: ${releaseNamespace}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kubecost-pre-upgrade
namespace: ${releaseNamespace}
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list", "update", "patch", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubecost-pre-upgrade
namespace: ${releaseNamespace}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubecost-pre-upgrade
subjects:
- kind: ServiceAccount
name: kubecost-pre-upgrade
namespace: ${releaseNamespace}
---
apiVersion: batch/v1
kind: Job
metadata:
name: kubecost-pre-upgrade
namespace: ${releaseNamespace}
spec:
ttlSecondsAfterFinished: 100
template:
metadata:
name: kubecost-pre-upgrade
spec:
serviceAccountName: kubecost-pre-upgrade
restartPolicy: OnFailure
priorityClassName: dkp-high-priority
containers:
- name: kubetools
image: "mesosphere/kommander2-kubetools:${kommanderChartVersion:=v2.6.0-dev}"
command:
- sh
- "-c"
- |-
/bin/bash <<'EOF'
set -o nounset
set -o errexit
set -o pipefail

# TODO: wait for HelmRelease to not be in-progress?
cbuto marked this conversation as resolved.

helm mapkubeapis kubecost --namespace ${releaseNamespace}
EOF
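Review bot: The image reference `mesosphere/kommander2-kubetools:${kommanderChartVersion:=v2.6.0-dev}` will, as far as these files show, always resolve to the `-dev` default, because the parent Kustomization's `postBuild.substitute` passes only `releaseNamespace` and not `kommanderChartVersion`. That leaves a pod with write access to the namespace's Secrets running a mutable development tag; either add `kommanderChartVersion: ${kommanderChartVersion}` under `substitute:` in `pre-upgrade.yaml` or pin the image by digest (`...kubetools@sha256:<digest>`, placeholder). The `kubetools` container also has no `securityContext`; `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}` would constrain it, provided the image supports a non-root user (not visible here). The gatekeeper and logging-operator Jobs have the same image line and the same omission.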
1 change: 1 addition & 0 deletions services/logging-operator/4.2.3/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
- grafana-dashboards
- logging-operator.yaml
- logging-operator-logging.yaml
- pre-upgrade.yaml
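--- a/services/logging-operator/4.2.3/pre-upgrade.yaml
+++ b/services/logging-operator/4.2.3/pre-upgrade.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+spec:
+force: true
+prune: true
+wait: true
+interval: 6h
+retryInterval: 1m
+path: ./services/logging-operator/4.2.3/pre-upgrade
+sourceRef:
+kind: GitRepository
+name: management
+namespace: kommander-flux
+timeout: 1m
+# passing releaseNamespace to 2nd level configuration files for ability to configure namespace correctly in attached clusters
+# Using `substituteFrom` with `substitution-vars` creates 2nd level resources in `kommander` namespace instead of workspace ns
+postBuild:
+substitute:
+releaseNamespace: ${releaseNamespace}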
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pre-upgrade.yaml
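--- a/services/logging-operator/4.2.3/pre-upgrade/pre-upgrade.yaml
+++ b/services/logging-operator/4.2.3/pre-upgrade/pre-upgrade.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "watch", "list", "update", "patch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: logging-operator-pre-upgrade
+subjects:
+- kind: ServiceAccount
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: logging-operator-pre-upgrade
+namespace: ${releaseNamespace}
+spec:
+ttlSecondsAfterFinished: 100
+template:
+metadata:
+name: logging-operator-pre-upgrade
+spec:
+serviceAccountName: logging-operator-pre-upgrade
+restartPolicy: OnFailure
+priorityClassName: dkp-critical-priority
+containers:
+- name: kubetools
+image: "mesosphere/kommander2-kubetools:${kommanderChartVersion:=v2.6.0-dev}"
+command:
+- sh
+- "-c"
+- |-
+/bin/bash <<'EOF'
+set -o nounset
+set -o errexit
+set -o pipefail
+
+# TODO: wait for HelmRelease to not be in-progress?
+
+helm mapkubeapis logging-operator --namespace ${releaseNamespace}
+EOF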
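Review bot: The open `# TODO: wait for HelmRelease to not be in-progress?` leaves `helm mapkubeapis` free to rewrite the release record while the Helm controller may be mid-operation on the same release; nothing in the script checks release state first. Until that is resolved, the comment should state what happens on a collision, e.g. `# If the release is locked, helm exits non-zero; errexit + restartPolicy: OnFailure retries the pod` (presumed behaviour, to be confirmed). `${releaseNamespace}` is filled in by Flux before the shell runs, so it is safer quoted: `helm mapkubeapis logging-operator --namespace "${releaseNamespace}"`. The gatekeeper and kubecost Jobs use the same script with only the release name changed.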