CASMINST-5657 Add common WorkflowTemplate to sync secret to Argo namespace #5610

Draft
wants to merge 1 commit into
base: release/1.6
@@ -0,0 +1,57 @@
#
# MIT License
#
# (C) Copyright 2024 Hewlett Packard Enterprise Development LP
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
name: cleanup-nexus-admin-credential-template
namespace: argo
annotations:
sidecar.istio.io/inject: "false"
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
entrypoint: cleanup-nexus-admin-credential
arguments:
parameters:
- name: nexus_admin_credential_secret_name
templates:
- name: cleanup-nexus-admin-credential
inputs:
parameters:
- name: nexus_admin_credential_secret_name
script:
image: artifactory.algol60.net/csm-docker/stable/docker.io/portainer/kubectl-shell:latest-v1.21.1-amd64
command: [bash]
source: |
nexus_secret_name={{inputs.parameters.nexus_admin_credential_secret_name}}
echo "DEBUG Deleting secret $nexus_secret_name from argo workspace"
result=$(kubectl -n argo delete secret/$nexus_secret_name 2>&1)
if [ $? -ne 0 ]; then
result=$(echo "$result" | sed -e 's/^/DEBUG /')
echo "ERROR Deleting secret $nexus_secret_name failed in argo namespace"
echo -e "DEBUG <kubectl -n argo delete secret/$nexus_secret_name> failed with\n\n$result"
fi
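Review bot: The secret name reaches bash by raw template substitution on the first line of `source` (`nexus_secret_name={{inputs.parameters.nexus_admin_credential_secret_name}}`) and is then used unquoted in `kubectl -n argo delete secret/$nexus_secret_name`. Whatever a referencing workflow passes is therefore interpreted by the shell and can name any secret in the argo namespace. Now that this is a shared WorkflowTemplate rather than a private step, I would hand the value over through `env`, quote it, and refuse names that do not start with the `nexus-admin-credential-argo-` prefix the sync step generates; the same check rejects an empty parameter. The image tag `latest-v1.21.1-amd64` also looks mutable, so pinning it by digest would be a worthwhile follow-up.

```yaml
script:
  # … unchanged: image, command …
  env:
    - name: NEXUS_SECRET_NAME
      value: "{{inputs.parameters.nexus_admin_credential_secret_name}}"
  source: |
    nexus_secret_name="$NEXUS_SECRET_NAME"
    case "$nexus_secret_name" in
      nexus-admin-credential-argo-*) ;;
      *)
        echo "ERROR Refusing to delete unexpected secret name '$nexus_secret_name'"
        exit 1
        ;;
    esac
    echo "DEBUG Deleting secret $nexus_secret_name from argo workspace"
    result=$(kubectl -n argo delete "secret/$nexus_secret_name" 2>&1)
    # … unchanged: error reporting …
```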
Expand Up @@ -60,16 +60,20 @@ spec:
name: workflow-template-record-time-template
template: record-time-template
- - name: nexus-get-prerequisites
template: nexus-get-prerequisites-template
templateRef:
name: nexus-get-prerequisites-template
template: nexus-get-prerequisites
arguments:
parameters:
- name: global_params
value: "{{inputs.parameters.global_params}}"
- - name: nexus-docker-load
template: nexus-docker-load-template
hooks:
exit:
template: cleanup-template
exit:
templateRef:
name: cleanup-nexus-admin-credential-template
template: cleanup-nexus-admin-credential
arguments:
parameters:
- name: nexus_admin_credential_secret_name
Expand Down Expand Up @@ -152,103 +156,6 @@ spec:
command: [sh, -c]
args: ["DIFF_TIME=$(expr {{inputs.parameters.opend}} - {{inputs.parameters.opstart}}); echo $DIFF_TIME; echo $DIFF_TIME > /tmp/diff_time.txt"]
### Templates ###
## nexus-get-prerequisites-template ##
- name: nexus-get-prerequisites-template
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
metadata:
annotations:
sidecar.istio.io/inject: "false"
inputs:
parameters:
- name: global_params
value: "{{workflow.parameters.global_params}}"
outputs:
parameters:
- name: secret_name
valueFrom:
path: /tmp/secret_name
- name: current_product_manifest
valueFrom:
path: /tmp/current_product_manifest
- name: product_directory
valueFrom:
path: /tmp/product_directory
retryStrategy:
limit: "2"
retryPolicy: "Always"
backoff:
duration: "10s" # Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h", "1d"
factor: "2"
maxDuration: "1m"
script:
# TBD: This is a repeated function. Can this change to a reference?
image: artifactory.algol60.net/csm-docker/stable/docker.io/portainer/kubectl-shell:latest-v1.21.1-amd64
command: [bash]
source: |
function sync_item() {
item_name="$1"
source_ns="$2"
destination_name="$3-$RANDOM"
destination_ns="$4"
result=$(kubectl get $item_name -n $source_ns 2>&1)
if [ $? -eq 0 ]; then
echo "DEBUG Syncing $item_name from $source_ns to $destination_ns as $destination_name"
kubectl get $item_name -n $source_ns -o json | \
jq 'del(.metadata.namespace)' | \
jq 'del(.metadata.creationTimestamp)' | \
jq 'del(.metadata.resourceVersion)' | \
jq 'del(.metadata.selfLink)' | \
jq 'del(.metadata.uid)' | \
jq 'del(.metadata.ownerReferences)' | \
jq 'del(.metadata.name)' | \
jq '.metadata |= . + {"name":"'$destination_name'"}' | \
kubectl apply -n $destination_ns -f -
rc=$?
if [ $rc -ne 0 ]; then
echo "ERROR Failed to create secret $destination_name in $destination_ns namespace from $item_name in $source_ns namespace"
fi
return $rc
else
echo "ERROR $item_name not found in $source_ns namespace"
result=$(echo "$result" | sed -e 's/^/DEBUG /')
echo -e "DEBUG <kubectl get $item_name -n $source_ns> failed with\n\n$result"
return 1
fi
}
err=0
sync_item secret/nexus-admin-credential nexus nexus-admin-credential-argo argo
if [ $? -ne 0 ]; then
err=1
fi
echo $destination_name > /tmp/secret_name

# Retrieve the content of the current product manifest as json.
product_name={{inputs.parameters.global_params}} | jq -r '.product_manifest.current_product.name'
echo "DEBUG Fetching the product manifest for $product_name"
cat <<EOF | jq '.product_manifest.current_product.manifest.content' > /tmp/current_product_manifest
{{inputs.parameters.global_params}}
EOF
if [ $? -ne 0 ]; then
err=1
echo "ERROR Failed to fetch product manifest for $product_name. Rerun with valid product tarball from 'process-media' stage"
fi

# Retrieve the product directory.
echo "DEBUG Retrieving the product directory for $product_name"
cat <<EOF | jq -r '.product_manifest.current_product.original_location' > /tmp/product_directory
{{inputs.parameters.global_params}}
EOF
if [ $? -ne 0 ]; then
echo "ERROR Failed to fetch product directory for $product_name. Rerun with valid product tarball from 'process-media' stage"
err=1
fi

# Exit with an error if we had any.
exit $err
## nexus-docker-load-template ##
- name: nexus-docker-load-template
inputs:
Expand Down Expand Up @@ -294,31 +201,3 @@ spec:
- name: image
hostPath:
path: "{{inputs.parameters.product_directory}}"
## cleanup-template ##
## Remove the secret created earlier.
# TBD: This is a repeated function. Can this change to a reference?
- name: cleanup-template
inputs:
parameters:
- name: nexus_admin_credential_secret_name
value: "{{steps.nexus-get-prerequisites.outputs.parameters.secret_name}}"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
metadata:
annotations:
sidecar.istio.io/inject: "false"
script:
image: artifactory.algol60.net/csm-docker/stable/docker.io/portainer/kubectl-shell:latest-v1.21.1-amd64
command: [bash]
source: |
nexus_secret_name={{inputs.parameters.nexus_admin_credential_secret_name}}
echo "DEBUG Deleting secret $nexus_secret_name from argo workspace"
result=$(kubectl -n argo delete secret/$nexus_secret_name 2>&1)
if [ $? -ne 0 ]; then
result=$(echo "$result" | sed -e 's/^/DEBUG /')
echo "ERROR Deleting secret $nexus_secret_name failed in argo namespace"
echo -e "DEBUG <kubectl -n argo delete secret/$nexus_secret_name> failed with\n\n$result"
fi
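Review bot: The exit hook that deletes the copied credential appears to be attached only to the `nexus-docker-load` step (indentation is lost in this view, so please confirm), so nothing removes the secret when `nexus-get-prerequisites` itself fails after the copy. That step retries up to two times with `retryPolicy: "Always"` and names each copy `nexus-admin-credential-argo-$RANDOM`, so a failing run can leave several copies of the Nexus admin credential in the argo namespace. Consider a workflow-level `onExit` handler, or deleting the copy on the error path of the prerequisites script. The hook's `arguments` value line falls outside the visible hunk, so I could not check what is passed as `nexus_admin_credential_secret_name`.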
@@ -0,0 +1,124 @@
#
# MIT License
#
# (C) Copyright 2024 Hewlett Packard Enterprise Development LP
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
name: nexus-get-prerequisites-template
namespace: argo
annotations:
sidecar.istio.io/inject: "false"
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
entrypoint: nexus-get-prerequisites
templates:
- name: nexus-get-prerequisites
inputs:
parameters:
- name: global_params
outputs:
parameters:
- name: secret_name
valueFrom:
path: /tmp/secret_name
- name: current_product_manifest
valueFrom:
path: /tmp/current_product_manifest
- name: product_directory
valueFrom:
path: /tmp/product_directory
retryStrategy:
limit: "2"
retryPolicy: "Always"
backoff:
duration: "10s"
factor: "2"
maxDuration: "1m"
script:
image: artifactory.algol60.net/csm-docker/stable/docker.io/portainer/kubectl-shell:latest-v1.21.1-amd64
command: [bash]
source: |
function sync_item() {
item_name="$1"
source_ns="$2"
destination_name="$3-$RANDOM"
destination_ns="$4"
result=$(kubectl get $item_name -n $source_ns 2>&1)
if [ $? -eq 0 ]; then
echo "DEBUG Syncing $item_name from $source_ns to $destination_ns as $destination_name"
kubectl get $item_name -n $source_ns -o json | \
jq 'del(.metadata.namespace)' | \
jq 'del(.metadata.creationTimestamp)' | \
jq 'del(.metadata.resourceVersion)' | \
jq 'del(.metadata.selfLink)' | \
jq 'del(.metadata.uid)' | \
jq 'del(.metadata.ownerReferences)' | \
jq 'del(.metadata.name)' | \
jq '.metadata |= . + {"name":"'$destination_name'"}' | \
kubectl apply -n $destination_ns -f -
rc=$?
if [ $rc -ne 0 ]; then
echo "ERROR Failed to create secret $destination_name in $destination_ns namespace from $item_name in $source_ns namespace"
fi
return $rc
else
echo "ERROR $item_name not found in $source_ns namespace"
result=$(echo "$result" | sed -e 's/^/DEBUG /')
echo -e "DEBUG <kubectl get $item_name -n $source_ns> failed with\n\n$result"
return 1
fi
}
err=0
sync_item secret/nexus-admin-credential nexus nexus-admin-credential-argo argo
if [ $? -ne 0 ]; then
err=1
fi
echo $destination_name > /tmp/secret_name

# Retrieve the content of the current product manifest as json.
product_name={{inputs.parameters.global_params}} | jq -r '.product_manifest.current_product.name'
echo "DEBUG Fetching the product manifest for $product_name"
cat <<EOF | jq '.product_manifest.current_product.manifest.content' > /tmp/current_product_manifest
{{inputs.parameters.global_params}}
EOF
if [ $? -ne 0 ]; then
err=1
echo "ERROR Failed to fetch product manifest for $product_name. Rerun with valid product tarball from 'process-media' stage"
fi

# Retrieve the product directory.
echo "DEBUG Retrieving the product directory for $product_name"
cat <<EOF | jq -r '.product_manifest.current_product.original_location' > /tmp/product_directory
{{inputs.parameters.global_params}}
EOF
if [ $? -ne 0 ]; then
echo "ERROR Failed to fetch product directory for $product_name. Rerun with valid product tarball from 'process-media' stage"
err=1
fi

# Exit with an error if we had any.
exit $err
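Review bot: `global_params` is pasted into the script through unquoted here-documents (`cat <<EOF | jq ...`, twice), so bash performs `$(...)`, backtick and `$var` expansion on the JSON before jq sees it. A manifest containing such text would be evaluated in a pod that can read the Nexus admin secret; quoting the delimiter (`<<'EOF'`) makes the body literal. The `product_name={{inputs.parameters.global_params}} | jq -r ...` line has a related defect: the parameter is substituted bare into an assignment that is piped to jq, so `product_name` is never set in the script's shell and the log messages print it empty. Separately, `echo $destination_name > /tmp/secret_name` runs even when `sync_item` failed.

```yaml
source: |
  # … unchanged: sync_item definition and secret sync …
  product_name=$(jq -r '.product_manifest.current_product.name' <<'EOF'
  {{inputs.parameters.global_params}}
  EOF
  )
  # … unchanged: DEBUG echo …
  cat <<'EOF' | jq '.product_manifest.current_product.manifest.content' > /tmp/current_product_manifest
  # … unchanged: parameter line, EOF terminator, error check …
  cat <<'EOF' | jq -r '.product_manifest.current_product.original_location' > /tmp/product_directory
  # … unchanged: parameter line, EOF terminator, error check, exit $err …
```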