From 87a664f7e5062a9fa5170ee3ea6a295b7099a203 Mon Sep 17 00:00:00 2001
From: Fabien Boucher
Date: Tue, 14 Nov 2023 14:59:52 +0000
Subject: [PATCH] sfconfig prepare dev - use in CI jobs
Change-Id: I3af4eb9f9d2a5a98bf64133874caf0bc1d69a75d
---
 cli/sfconfig/cmd/dev/run.go | 16 +++++++++++++---
 .../nodepool/create_namespace_for_nodepool.go | 14 +-------------
 cli/sfconfig/cmd/utils/utils.go | 10 ++++++++++
 playbooks/main.yaml | 18 +-----------------
 playbooks/upgrade.yaml | 5 +----
 .../defaults/main.yaml | 0
 roles/sfconfig-dev-prepare/tasks/main.yaml | 5 +++++
 roles/start-gerrit/tasks/main.yaml | 5 -----
 roles/start-prometheus/tasks/main.yaml | 5 -----
 9 files changed, 31 insertions(+), 47 deletions(-)
 rename roles/{start-gerrit => sfconfig-dev-prepare}/defaults/main.yaml (100%)
 create mode 100644 roles/sfconfig-dev-prepare/tasks/main.yaml
 delete mode 100644 roles/start-gerrit/tasks/main.yaml
 delete mode 100644 roles/start-prometheus/tasks/main.yaml
diff --git a/cli/sfconfig/cmd/dev/run.go b/cli/sfconfig/cmd/dev/run.go
index a22ce8f7..cfe050fd 100644
--- a/cli/sfconfig/cmd/dev/run.go
+++ b/cli/sfconfig/cmd/dev/run.go
@@ -55,7 +55,8 @@ func Run() {
 Cli: cli,
 }
 // TODO: only do gerrit when provision demo is on?
- EnsureNamespacePermissions(&env)
+ EnsureNamespaces(&env)
+ EnsureMicroshiftWorkarounds(&env)
 EnsureCertManager(&env)
 EnsurePrometheusOperator(&env)
 gerrit.EnsureGerrit(&env, sfconfig.FQDN)
@@ -131,12 +132,21 @@ func EnsureRepo(sfconfig *config.SFConfig, apiKey string, name string) { utils.RunCmd("git", "-C", path, "reset", "--hard", "origin/master") } -func EnsureNamespacePermissions(env *utils.ENV) { +func EnsureNamespaces(env *utils.ENV) { // TODO: implement natively - // TODO: ensure setup-namespaces role use this to avoid duplication + utils.EnsureNamespace(env, env.Ns) + utils.RunCmd("kubectl", "config", "set-context", "microshift", "--namespace="+env.Ns) utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce=privileged") utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce-version=v1.24") utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "-z", "default") + + utils.EnsureNamespace(env, "operators") + utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "system:serviceaccount:operators:default") +} + +func EnsureMicroshiftWorkarounds(env *utils.ENV) { + // TODO: migrate from Makefile to here + utils.RunCmd("make", "setup-prometheus-operator-serviceaccount", "OPERATOR_NAMESPACE=operators") } func EnsureCRD() { diff --git a/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go b/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go index d418235e..830040ca 100644 --- a/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go +++ b/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go 
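Review bot: In `EnsureNamespaces` the privileged grant `oc adm policy add-scc-to-user privileged -z default` names no namespace, so it applies to whatever namespace the active kubeconfig context points at. The added `kubectl config set-context microshift --namespace=...` only edits the entry named `microshift` (and rewrites the caller's kubeconfig as a side effect); when the current context has another name, the SCC can land outside `env.Ns`. Passing the namespace explicitly removes that dependency: `utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "-z", "default", "-n", env.Ns)`. The new `system:serviceaccount:operators:default` grant gives the privileged SCC to every pod in `operators` that does not set its own service account, so I would add a comment such as `// dev/CI only: privileged SCC on the default SA, do not reuse for a real deployment`, or bind the SCC to a dedicated service account instead.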
@@ -18,24 +18,12 @@ import ( "github.com/softwarefactory-project/sf-operator/controllers" apiv1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/client-go/tools/clientcmd" cliapi "k8s.io/client-go/tools/clientcmd/api" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/softwarefactory-project/sf-operator/cli/sfconfig/cmd/utils" ) -func ensureNamespace(env *utils.ENV, name string) { - var ns apiv1.Namespace - if err := env.Cli.Get(env.Ctx, client.ObjectKey{Name: name}, &ns); errors.IsNotFound(err) { - ns.Name = name - utils.CreateR(env, &ns) - } else if err != nil { - panic(fmt.Errorf("could not get namespace: %s", err)) - } -} - func ensureRole(env *utils.ENV, sa string) { var role rbacv1.Role if !utils.GetM(env, "nodepool-role", &role) { @@ -189,7 +177,7 @@ func CreateNamespaceForNodepool(sfEnv *utils.ENV, nodepoolContext string, nodepo sa := "nodepool-sa" // Ensure resources exists - ensureNamespace(&nodepoolEnv, nodepoolNamespace) + utils.EnsureNamespace(&nodepoolEnv, nodepoolNamespace) utils.EnsureServiceAccount(&nodepoolEnv, sa) ensureRole(&nodepoolEnv, sa) token := ensureServiceAccountSecret(&nodepoolEnv, sa) diff --git a/cli/sfconfig/cmd/utils/utils.go b/cli/sfconfig/cmd/utils/utils.go index 5436e866..90521eb6 100644 --- a/cli/sfconfig/cmd/utils/utils.go +++ b/cli/sfconfig/cmd/utils/utils.go @@ -49,6 +49,16 @@ func RunCmd(cmdName string, args ...string) { } } +func EnsureNamespace(env *ENV, name string) { + var ns apiv1.Namespace + if err := env.Cli.Get(env.Ctx, client.ObjectKey{Name: name}, &ns); errors.IsNotFound(err) { + ns.Name = name + CreateR(env, &ns) + } else if err != nil { + panic(fmt.Errorf("could not get namespace: %s", err)) + } +} + func EnsureServiceAccount(env *ENV, name string) { var sa apiv1.ServiceAccount if !GetM(env, name, &sa) { diff --git a/playbooks/main.yaml b/playbooks/main.yaml index 77ce5d86..3146f069 100644 --- a/playbooks/main.yaml +++ b/playbooks/main.yaml 
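Review bot: `EnsureNamespace` in utils.go is now exported but has no doc comment, and nothing in its signature tells a caller that it panics on any lookup error other than not-found. I would add `// EnsureNamespace makes sure the namespace name exists, creating it through CreateR when the lookup returns not-found; it panics on any other lookup error.` above it. The panic message also drops the namespace and flattens the cause with `%s`; `panic(fmt.Errorf("could not get namespace %q: %w", name, err))` keeps both. The hunk does not show the import block, so this assumes `errors` and `client` were already imported in utils.go.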
@@ -4,31 +4,15 @@ - setup-variables - setup-env - sanity-check - - setup-namespaces - - start-gerrit + - sfconfig-dev-prepare tasks: - - name: CI process(standalone) - block: - - community.general.make: - target: "{{ item }}" - chdir: "{{ zuul.project.src_dir }}" - loop: - - install-cert-manager - - install-prometheus-operator - - ansible.builtin.include_role: - name: start-prometheus - when: mode == 'standalone' - - name: CI process(OLM install) ansible.builtin.include_role: name: "{{ item }}" loop: - - microshift-workarounds - build-operator-assets - clean-installations - install-operator - # we start prometheus after installing the operator, to ensure the prometheus-operator dependency was installed properly. - - start-prometheus - apply-custom-resources when: mode == 'olm' diff --git a/playbooks/upgrade.yaml b/playbooks/upgrade.yaml index edb9dc1c..432a29a3 100644 --- a/playbooks/upgrade.yaml +++ b/playbooks/upgrade.yaml @@ -4,9 +4,7 @@ - setup-variables - setup-env - sanity-check - - setup-namespaces - - microshift-workarounds - - start-gerrit + - sfconfig-dev-prepare - role: build-operator-assets vars: build_bundle: false @@ -20,5 +18,4 @@ build_bundle: true ci_bundle_img: localhost:5000/sf-operator-bundle:latest - upgrade-operator - - start-prometheus - run-tests diff --git a/roles/start-gerrit/defaults/main.yaml b/roles/sfconfig-dev-prepare/defaults/main.yaml similarity index 100% rename from roles/start-gerrit/defaults/main.yaml rename to roles/sfconfig-dev-prepare/defaults/main.yaml diff --git a/roles/sfconfig-dev-prepare/tasks/main.yaml b/roles/sfconfig-dev-prepare/tasks/main.yaml new file mode 100644 index 00000000..c5919786 --- /dev/null +++ b/roles/sfconfig-dev-prepare/tasks/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Run the sfconfig dev prepare + command: "tools/sfconfig dev prepare" + args: + chdir: "{{ zuul.project.src_dir }}" 
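Review bot: In the `mode == 'olm'` list of playbooks/main.yaml, the removed comment said Prometheus was started after `install-operator` to prove that the prometheus-operator dependency was installed properly, and nothing in the new list replaces that check. run.go in this patch calls `EnsurePrometheusOperator` from `Run()`; if `sfconfig dev prepare` reaches that code, the operator is already on the cluster before OLM installs the bundle and a missing dependency would no longer fail the job. The same applies to playbooks/upgrade.yaml, where `start-prometheus` after `upgrade-operator` is dropped. If the check is still wanted, keep an explicit assertion after `install-operator` and `upgrade-operator`; otherwise a comment such as `# prometheus-operator is pre-installed by sfconfig-dev-prepare; the bundle dependency is not exercised here` would record the change in coverage.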
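Review bot: The new task in roles/sfconfig-dev-prepare/tasks/main.yaml sets `chdir: "{{ zuul.project.src_dir }}"` with no fallback, while the start-prometheus role deleted by this patch used `{{ zuul.project.src_dir | default(src_dir) }}`. Any caller that relied on `src_dir` outside Zuul would now fail on an undefined variable; if that use is still supported, keep the same expression: `chdir: "{{ zuul.project.src_dir | default(src_dir) }}"`. According to run.go this command also applies privileged pod-security labels and SCC grants, so a task name that says so would make the job log easier to audit.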
diff --git a/roles/start-gerrit/tasks/main.yaml b/roles/start-gerrit/tasks/main.yaml
deleted file mode 100644
index 68b17ca2..00000000
--- a/roles/start-gerrit/tasks/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Deploy companion Gerrit
- command: "tools/sfconfig gerrit --deploy"
- args:
- chdir: "{{ zuul.project.src_dir }}"
diff --git a/roles/start-prometheus/tasks/main.yaml b/roles/start-prometheus/tasks/main.yaml
deleted file mode 100644
index 4af1f28a..00000000
--- a/roles/start-prometheus/tasks/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Deploy companion Prometheus
- command: "tools/sfconfig prometheus --skip-operator-setup --fqdn {{ fqdn }}"
- args:
- chdir: "{{ zuul.project.src_dir | default(src_dir) }}"