[patch] Move MAS instance Mongo data wipe job to sync-jobs application #176
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 18 commits
July 25, 2024 16:48
This means ArgoCD will not delete the namespace when the application is deleted. This is the safer option, but it does mean that the namespace will have to be cleaned up manually. MASCORE-3303
This reverts commit 6b8a29e.
…ng to move this logic to the sync-jobs application instead)
…attempting to remove the MAS user This ensures that the role has access to the primary host. This was copied from the existing add-user_Job which already did this.
tomklapiscak
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://jsw.ibm.com/browse/MASCORE-3100
The PostDelete annotated secret necessary for running this Job in the mongocfg application was causing deprovisioning to hang due to a known issue in ArgoCD.
The approach we've taken for PostDelete jobs that depend on other resources (e.g. secrets) is to move them to the
sync-jobsapplication. This has a supporting applicationsync-resthat contains the secret needed by this job. Sincesync-resis in an earlier syncwave thansync-jobs, the resources will persist until after any PostDelete hooks insync-jobshave completed.This approach seemed appropriate here. In fact, the existing PostDelete-aws-docdb-remove-user_Job seems like a good fit for performing the mongo data wipe.
The PR also fixes an additional issue in PostDelete-aws-docdb-remove-user_Job where only the first Mongo host was being passed into the aws_documentdb_user role. If this host did not happen to be the primary, the role would fail to execute. With these changes, all known hosts are passed to the role.
NOTE: The code in this PR is built on top of the mascore3340 branch (since I wanted to test everything together in a single deployment). This PR currently targets mascore3340. mascore3340 should be merged into master first, then this PR should be updated to target master before being merged.
Supporting changes to the CLI are here: ibm-mas/cli#1144
Testing
Verified new job logic in fvtsaas. On deleting mas-instance-base.yaml from the gitops repo, the postdelete hook runs:
and completes successfully:
Example job logs: https://ibm.box.com/s/250l1o4pfx1xzpg2uwpmh5lsx4ufthhz