diff --git a/deploy_apps/tks-remove-servicemesh-wftpl.yaml b/deploy_apps/tks-remove-servicemesh-wftpl.yaml index fd413cce..9e4bf98a 100644 --- a/deploy_apps/tks-remove-servicemesh-wftpl.yaml +++ b/deploy_apps/tks-remove-servicemesh-wftpl.yaml @@ -4,275 +4,94 @@ metadata: name: tks-remove-servicemesh namespace: argo spec: - entrypoint: delete-start + entrypoint: remove-tks-service-mesh arguments: parameters: - - name: site_name - value: hanu-reference - - name: iop_controlplane_name - value: istio-controlplane - - name: iop_gateway_name - value: istio-ingress-gateway - - name: revision - value: 1-10-2 - - name: namespace - value: istio-system - - name: kube_version - value: v1.18.6 - templates: - - name: delete-start - steps: - - - name: delete-argocd-app - template: delete-argocd-app - arguments: - parameters: - - name: app_group - value: service-mesh - - name: site_name - value: "{{workflow.parameters.site_name}}" - - - name: delete-finalizer-app - template: delete-finalizer-app - arguments: - parameters: - - name: namespace - value: '{{workflow.parameters.namespace}}' - - name: site_name - value: "{{workflow.parameters.site_name}}" - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - - - name: delete-kuberentes-gateway - template: delete-kubernetes-resources - arguments: - parameters: - - name: component_name - value: '{{workflow.parameters.iop_gateway_name}}' - - name: component_type - value: gateway - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - - - name: delete-kubernetes-controlplane - template: delete-kubernetes-resources - arguments: - parameters: - - name: component_name - value: '{{workflow.parameters.iop_controlplane_name}}' - - name: component_type - value: controlplane - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - - - name: delete-namespace - template: delete-namespace - arguments: - parameters: - - name: namespace - value: '{{workflow.parameters.namespace}}' - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - - name: delete-argocd-app - inputs: - parameters: - - name: app_group - - name: site_name - container: - name: delete-argocd-app - image: docker.io/sktcloud/argocd-cli:v2.2.5 - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } - ./argocd login $ARGO_SERVER --plaintext --insecure --username $ARGO_USERNAME \ - --password $ARGO_PASSWORD - - export ARGOCD_APP_NAME=$(echo "${SITE_NAME:0:8}")-service-mesh + - name: app_group + value: "service-mesh" + - name: site_repo_url + value: "https://github.com/openinfradev/decapod-site" + #=============================== + # For tks-info task + #=============================== + - name: tks_info_host + value: "127.0.0.1" + - name: cluster_id + value: "abbead61-ff2a-4af4-8f41-d2c44c745de7" + - name: app_group_id + value: "abbead61-ff2a-4af4-8f41-d2c44c745de7" + - name: app_prefix + value: "{{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}" + - name: filter + value: "app={{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}-{{workflow.parameters.app_group}}" + volumes: + - name: tks-proto-vol + configMap: + name: tks-proto - ./argocd app list -p $APP_NAME -l app=$ARGOCD_APP_NAME -o name | xargs ./argocd app delete -y - log "INFO" "deleting argocd app" - envFrom: - - secretRef: - name: decapod-argocd-config - env: - - name: APP_NAME - value: "{{inputs.parameters.app_group}}" - - name: SITE_NAME - value: '{{inputs.parameters.site_name}}' - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 - - name: delete-finalizer-app - inputs: - parameters: - - name: namespace - - name: site_name - - name: kubeconfig_secret_name - container: - name: delete-finalizer-app - image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}' - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } + templates: + #========================================================= + # Template Pipeline + #========================================================= + - name: remove-tks-service-mesh + steps: + - - name: remove-service-mech + templateRef: + name: remove-servicemesh-all + template: remove-start - APP_PREFIX=${SITE_NAME:0:8} - cat <<< "$KUBE_CONFIG" > /etc/kubeconfig - - kubectl patch app $APP_PREFIX-servicemesh-kiali-resource -n argo --type merge -p '{"metadata":{"finalizers": [null]}}' - kubectl patch app $APP_PREFIX-servicemesh-gateway -n argo --type merge -p '{"metadata":{"finalizers": [null]}}' - kubectl patch app $APP_PREFIX-servicemesh-controlplane -n argo --type merge -p '{"metadata":{"finalizers": [null]}}' - kubectl --kubeconfig=/etc/kubeconfig patch kialis kiali -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}' - - log "INFO" "argocd apps and kialis finalizers successfully deleted." - env: - - name: NAMESPACE - value: '{{inputs.parameters.namespace}}' - - name: SITE_NAME - value: '{{inputs.parameters.site_name}}' - - name: KUBE_CONFIG - valueFrom: - secretKeyRef: - name: "{{ inputs.parameters.kubeconfig_secret_name }}" - key: value - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 - - name: delete-kubernetes-resources - inputs: - parameters: - - name: component_name - - name: component_type - - name: kubeconfig_secret_name - container: - name: delete-kubernetes-resources - image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}' - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } + - - name: updateTksInfo + templateRef: + name: delete-tks-app-group-info + template: deleteTksAppGroup - function deleteGateway() { - log "INFO" "deleteGateway() called!" - log "INFO" "REVISION = [${REVISION}]" - log "INFO" "COMPONENT_NAME = [${COMPONENT_NAME}]" - log "INFO" "NAMESPACE = [${NAMESPACE}]" - LABELS="istio.io/rev=${REVISION},operator.istio.io/component=IngressGateways" - kubectl --kubeconfig=/etc/kubeconfig patch istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}' - kubectl --kubeconfig=/etc/kubeconfig delete istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} - kubectl --kubeconfig=/etc/kubeconfig delete deployments -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete services -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete hpa -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete poddisruptionbudgets -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete serviceaccounts -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete rolebindings -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete roles -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete helmreleases service-mesh-gateway -n default - } - function deleteControlplane() { - log "INFO" "deleteControlplane() called!" - log "INFO" "REVISION = [${REVISION}]" - log "INFO" "COMPONENT_NAME = [${COMPONENT_NAME}]" - log "INFO" "NAMESPACE = [${NAMESPACE}]" - LABELS="istio.io/rev=${REVISION},operator.istio.io/component=Pilot" - kubectl --kubeconfig=/etc/kubeconfig patch istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}' - kubectl --kubeconfig=/etc/kubeconfig delete istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} - kubectl --kubeconfig=/etc/kubeconfig delete deployments -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete services -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete hpa -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete configmaps -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete poddisruptionbudgets -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete envoyfilters -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete mutatingwebhookconfigurations -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete serviceaccounts -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete rolebindings -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete roles -n ${NAMESPACE} -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete clusterrolebindings -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete clusterroles -l ${LABELS} - kubectl --kubeconfig=/etc/kubeconfig delete helmreleases service-mesh-controlplane -n default - } + #========================================================= + # Template Definition + #========================================================= + - name: delete-ingress-temporary + inputs: + parameters: + - name: site_name + container: + name: delete-ingress-temporary + image: 'gcr.io/google-containers/hyperkube:v1.18.6' + command: + - /bin/bash + - '-c' + - | + function log() { + level=$1 + msg=$2 + date=$(date '+%F %H:%M:%S') + echo "[$date] $level $msg" + } - cat <<< "$KUBE_CONFIG" > /etc/kubeconfig + function delete_ingress() { + ingress_name=$1 + namespace=$2 - # delete Kubernetes resources - if [[ ! -z "$COMPONENT_NAME" ]]; then - if [[ ${COMPONENT_TYPE} =~ controlplane ]]; then - log "INFO" "delete istio Controlplane" - deleteControlplane - elif [[ ${COMPONENT_TYPE} =~ gateway ]]; then - log "INFO" "delete istio Gateway" - deleteGateway - else - log "ERROR" "${COMPONENT_TYPE} does'nt exist." - exit 1 - fi - fi + kube_params="" + if [[ -n "{{workflow.parameters.cluster_id}}" ]]; then + kube_secret=$(kubectl get secret -n {{workflow.parameters.cluster_id}} {{workflow.parameters.cluster_id}}-kubeconfig -o jsonpath="{.data.value}" | base64 -d) + echo -e "kube_secret:\n$kube_secret" | head -n 5 + cat <<< "$kube_secret" > /etc/kubeconfig + kube_params+="--kubeconfig=/etc/kubeconfig" + fi - log "INFO" "${COMPONENT_NAME} successfully deleted." - env: - - name: COMPONENT_NAME - value: '{{inputs.parameters.component_name}}' - - name: COMPONENT_TYPE - value: '{{inputs.parameters.component_type}}' - - name: REVISION - value: '{{workflow.parameters.revision}}' - - name: NAMESPACE - value: '{{workflow.parameters.namespace}}' - - name: KUBE_CONFIG - valueFrom: - secretKeyRef: - name: "{{ inputs.parameters.kubeconfig_secret_name }}" - key: value - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 - - name: delete-namespace - inputs: - parameters: - - name: namespace - - name: kubeconfig_secret_name - container: - name: delete-namespace - image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}' - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } + kubectl $kube_params get ing $ingress_name -n $namespace + if [[ $? =~ 1 ]]; then + kubectl $kube_params delete ing $ingress_name -n $namespace + log "INFO" "${ingress_name} in ${namespace} successfully deleted." + fi + } - cat <<< "$KUBE_CONFIG" > /etc/kubeconfig - - kubectl --kubeconfig=/etc/kubeconfig delete ns ${NAMESPACE} - - log "INFO" "${NAMESPACE} successfully deleted." - env: - - name: NAMESPACE - value: '{{inputs.parameters.namespace}}' - - name: KUBE_CONFIG - valueFrom: - secretKeyRef: - name: "{{ inputs.parameters.kubeconfig_secret_name }}" - key: value - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 + delete_ingress "grafana" "lma" + delete_ingress "kibana" "lma" + delete_ingress "kiali" "istio-system" + env: + - name: SITE_NAME + value: '{{inputs.parameters.site_name}}' + activeDeadlineSeconds: 900 + retryStrategy: + limit: 2 diff --git a/deploy_apps/tks-service-mesh-wftpl.yaml b/deploy_apps/tks-service-mesh-wftpl.yaml index c07e1015..8735005e 100644 --- a/deploy_apps/tks-service-mesh-wftpl.yaml +++ b/deploy_apps/tks-service-mesh-wftpl.yaml @@ -4,294 +4,134 @@ metadata: name: tks-service-mesh namespace: argo spec: - entrypoint: deploy + entrypoint: deploy-tks-service-mesh arguments: parameters: - - name: site_name - value: hanu-reference - - name: app_group - value: service-mesh - - name: manifest_repo_url - value: 'https://github.com/openinfradev/decapod-manifests' - - name: revision - value: main + - name: site_name + value: "hanu-reference" + # Replace these urls properly for your env # + - name: site_repo_url + value: "https://github.com/openinfradev/decapod-site" + - name: manifest_repo_url + value: "https://github.com/openinfradev/decapod-manifests" + - name: revision + value: "main" + - name: app_prefix + value: "{{=sprig.substr(0, 8, workflow.parameters.site_name)}}" + #=============================== + # For tks-info task + #=============================== + - name: tks_info_host + value: "127.0.0.1" + - name: cluster_id + value: "abbead61-ff2a-4af4-8f41-d2c44c745de7" + - name: app_group_id + value: "abbead61-ff2a-4af4-8f41-d2c44c745de7" + volumes: + - name: tks-proto-vol + configMap: + name: tks-proto + templates: - - name: deploy - dag: - tasks: - - name: create-eck-secret - template: copy-eck-secret - arguments: - parameters: - - name: secret_name - value: eck-elasticsearch-es-http-certs-public - - name: source_namespace - value: lma - - name: target_namespace - value: istio-system - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - - name: istio-operator - arguments: - parameters: - - name: list - value: | - [ - { "path": "istio-operator", "namespace": "istio-operator" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - create-eck-secret - - name: istio-controlplane - arguments: - parameters: - - name: list - value: | - [ - { "path": "servicemesh-controlplane", "namespace": "istio-system" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - istio-operator - - name: istio-gateway - arguments: - parameters: - - name: list - value: | - [ - { "path": "servicemesh-gateway", "namespace": "istio-system" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - istio-controlplane - - name: jaeger-kiali-operator - arguments: - parameters: - - name: list - value: | - [ - { "path": "jaeger-operator", "namespace": "istio-system" }, - { "path": "kiali-operator", "namespace": "istio-system" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - istio-controlplane - - name: servicemesh-jaeger-kiali-resource - arguments: - parameters: - - name: list - value: | - [ - { "path": "servicemesh-jaeger-resource", "namespace": "istio-system" }, - { "path": "servicemesh-kiali-resource", "namespace": "istio-system" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - jaeger-kiali-operator - - name: grafana-prometheus-resource - arguments: - parameters: - - name: list - value: | - [ - { "path": "servicemesh-grafana-dashboard", "namespace": "istio-system" }, - { "path": "servicemesh-prometheusmonitor", "namespace": "istio-system" }, - { "path": "servicemesh-prometheusrule", "namespace": "istio-system" } - ] - templateRef: - name: create-application - template: installApps - dependencies: - - jaeger-kiali-operator - - name: sync-app - template: sync-app - arguments: - parameters: - - name: site_name - value: "{{workflow.parameters.site_name}}" - dependencies: - - grafana-prometheus-resource - - name: deploy-ingress-temporary - template: deploy-ingress-temporary - arguments: - parameters: - - name: site_name - value: "{{workflow.parameters.site_name}}" - - name: kubeconfig_secret_name - value: "{{workflow.parameters.site_name}}-kubeconfig" - dependencies: - - sync-app - - name: copy-eck-secret - arguments: {} - inputs: - parameters: - - name: secret_name - - name: source_namespace - - name: target_namespace - - name: kubeconfig_secret_name - outputs: {} - metadata: {} - container: - name: copy-eck-secret - image: 'k8s.gcr.io/hyperkube:v1.18.6' - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } - - cat <<< "$KUBE_CONFIG" > /etc/kubeconfig - - kubectl --kubeconfig=/etc/kubeconfig get ns ${TARGET_NAMESPACE} - if [[ $? =~ 1 ]]; then - kubectl --kubeconfig=/etc/kubeconfig create ns ${TARGET_NAMESPACE} - kubectl --kubeconfig=/etc/kubeconfig label ns ${TARGET_NAMESPACE} name=${SOURCE_NAMESPACE} - kubectl --kubeconfig=/etc/kubeconfig label ns ${TARGET_NAMESPACE} taco-tls=enabled - log "INFO" "${TARGET_NAMESPACE} successfully created." - fi + #========================================================= + # Template Pipeline + #========================================================= + - name: deploy-tks-service-mesh + steps: + - - name: install-service-mesh-app + templateRef: + name: service-mesh + template: deploy-start - kubectl --kubeconfig=/etc/kubeconfig get secret ${SECRET_NAME} - if [[ $? =~ 1 ]]; then - kubectl --kubeconfig=/etc/kubeconfig get secret ${SECRET_NAME} -n ${SOURCE_NAMESPACE} -o yaml \ - | grep -v '^\s*namespace:\s' \ - | kubectl --kubeconfig=/etc/kubeconfig apply -n ${TARGET_NAMESPACE} -f - - log "INFO" "${SECRET_NAME} successfully created." - fi - env: - - name: SECRET_NAME - value: '{{inputs.parameters.secret_name}}' - - name: SOURCE_NAMESPACE - value: '{{inputs.parameters.source_namespace}}' - - name: TARGET_NAMESPACE - value: '{{inputs.parameters.target_namespace}}' - - name: KUBE_CONFIG - valueFrom: - secretKeyRef: - name: "{{ inputs.parameters.kubeconfig_secret_name }}" - key: value - resources: {} - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 - - name: sync-app - arguments: {} - inputs: - parameters: - - name: site_name - outputs: {} - metadata: {} - container: - name: sync-app - image: docker.io/sktcloud/argocd-cli:v2.2.5 - command: - - /bin/bash - - '-c' - - | - ./argocd login $ARGO_SERVER --plaintext --insecure --username $ARGO_USERNAME \ - --password $ARGO_PASSWORD + - - name: updateTksInfo + templateRef: + name: update-tks-app-group-info + template: updateTksAppGroup + arguments: + parameters: + # TODO: Can this be pre-determined? Or composed dynamically on deployment? + - name: endpoints + value: "{'SERVICE-MESH': 'dashboard.cluster_xy'}" + - name: app_group_status + value: "APP_GROUP_RUNNING" - export ARGOCD_APP_NAME=$(echo "${SITE_NAME:0:8}")-service-mesh - - ./argocd app sync -l app=$ARGOCD_APP_NAME - env: - - name: SITE_NAME - value: '{{inputs.parameters.site_name}}' - envFrom: - - secretRef: - name: decapod-argocd-config - resources: {} - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 - - name: deploy-ingress-temporary - inputs: - parameters: - - name: site_name - - name: kubeconfig_secret_name - container: - name: deploy-ingress-temporary - image: 'k8s.gcr.io/hyperkube:v1.18.6' - command: - - /bin/bash - - '-c' - - | - function log() { - level=$1 - msg=$2 - date=$(date '+%F %H:%M:%S') - echo "[$date] $level $msg" - } + #========================================================= + # Template Definition + #========================================================= + - name: deploy-ingress-temporary + inputs: + parameters: + - name: site_name + - name: kubeconfig_secret_name + container: + name: deploy-ingress-temporary + image: 'gcr.io/google-containers/hyperkube:v1.18.6' + command: + - /bin/bash + - '-c' + - | + function log() { + level=$1 + msg=$2 + date=$(date '+%F %H:%M:%S') + echo "[$date] $level $msg" + } - function deploy_ingress() { - ingress_name=$1 - namespace=$2 - host_name=$3 - service_name=$4 - service_port=$5 + function deploy_ingress() { + ingress_name=$1 + namespace=$2 + host_name=$3 + service_name=$4 + service_port=$5 - kubectl --kubeconfig=/etc/kubeconfig get ing $ingress_name -n $namespace - if [[ $? =~ 1 ]]; then - cat < /etc/kubeconfig + cat <<< "$KUBE_CONFIG" > /etc/kubeconfig - deploy_ingress "grafana" "lma" $GRAFANA_HOST "grafana" "80" - deploy_ingress "kibana" "lma" $KIBANA_HOST "eck-kibana-kb-http" "5601" - deploy_ingress "kiali" "istio-system" $KIALI_HOST "kiali" "20001" - env: - - name: SITE_NAME - value: '{{inputs.parameters.site_name}}' - - name: KUBE_CONFIG - valueFrom: - secretKeyRef: - name: "{{ inputs.parameters.kubeconfig_secret_name }}" - key: value - activeDeadlineSeconds: 900 - retryStrategy: - limit: 2 + deploy_ingress "grafana" "lma" $GRAFANA_HOST "grafana" "80" + deploy_ingress "kibana" "lma" $KIBANA_HOST "eck-kibana-kb-http" "5601" + deploy_ingress "kiali" "istio-system" $KIALI_HOST "kiali" "20001" + env: + - name: SITE_NAME + value: '{{inputs.parameters.site_name}}' + - name: KUBE_CONFIG + valueFrom: + secretKeyRef: + name: "{{ inputs.parameters.kubeconfig_secret_name }}" + key: value + activeDeadlineSeconds: 900 + retryStrategy: + limit: 2