Refactoring Service-Mesh workflow for tks and decapod #36

Merged
merged 2 commits into from
Mar 8, 2022
343 changes: 81 additions & 262 deletions deploy_apps/tks-remove-servicemesh-wftpl.yaml
Expand Up @@ -4,275 +4,94 @@ metadata:
name: tks-remove-servicemesh
namespace: argo
spec:
entrypoint: delete-start
entrypoint: remove-tks-service-mesh
arguments:
parameters:
Contributor

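Unless there is a particular issue, I think it would be fine to make the delete interface similar to LMA's (identical, if possible).
Services at the same tier will keep being added, so it would be good for them to have a similar interface if possible.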

Contributor Author

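The details differ somewhat from lma. First, a gateway can additionally be installed in other namespaces, so only the gateway in that namespace can be deleted, and since istiod can be installed in multiple versions by revision, we also have to delete only that version.
Later, if we remove istio-operator and install with istio helm, I think we can make the parameters a bit simpler.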

- name: site_name
value: hanu-reference
- name: iop_controlplane_name
value: istio-controlplane
- name: iop_gateway_name
value: istio-ingress-gateway
- name: revision
value: 1-10-2
- name: namespace
value: istio-system
- name: kube_version
value: v1.18.6
templates:
- name: delete-start
steps:
- - name: delete-argocd-app
template: delete-argocd-app
arguments:
parameters:
- name: app_group
value: service-mesh
- name: site_name
value: "{{workflow.parameters.site_name}}"
- - name: delete-finalizer-app
template: delete-finalizer-app
arguments:
parameters:
- name: namespace
value: '{{workflow.parameters.namespace}}'
- name: site_name
value: "{{workflow.parameters.site_name}}"
- name: kubeconfig_secret_name
value: "{{workflow.parameters.site_name}}-kubeconfig"
- - name: delete-kuberentes-gateway
template: delete-kubernetes-resources
arguments:
parameters:
- name: component_name
value: '{{workflow.parameters.iop_gateway_name}}'
- name: component_type
value: gateway
- name: kubeconfig_secret_name
value: "{{workflow.parameters.site_name}}-kubeconfig"
- - name: delete-kubernetes-controlplane
template: delete-kubernetes-resources
arguments:
parameters:
- name: component_name
value: '{{workflow.parameters.iop_controlplane_name}}'
- name: component_type
value: controlplane
- name: kubeconfig_secret_name
value: "{{workflow.parameters.site_name}}-kubeconfig"
- - name: delete-namespace
template: delete-namespace
arguments:
parameters:
- name: namespace
value: '{{workflow.parameters.namespace}}'
- name: kubeconfig_secret_name
value: "{{workflow.parameters.site_name}}-kubeconfig"
- name: delete-argocd-app
inputs:
parameters:
- name: app_group
- name: site_name
container:
name: delete-argocd-app
image: docker.io/sktcloud/argocd-cli:v2.2.5
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
./argocd login $ARGO_SERVER --plaintext --insecure --username $ARGO_USERNAME \
--password $ARGO_PASSWORD

export ARGOCD_APP_NAME=$(echo "${SITE_NAME:0:8}")-service-mesh
- name: app_group
value: "service-mesh"
- name: site_repo_url
value: "https://github.com/openinfradev/decapod-site"
#===============================
# For tks-info task
#===============================
- name: tks_info_host
value: "127.0.0.1"
- name: cluster_id
value: "abbead61-ff2a-4af4-8f41-d2c44c745de7"
- name: app_group_id
value: "abbead61-ff2a-4af4-8f41-d2c44c745de7"
- name: app_prefix
value: "{{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}"
- name: filter
value: "app={{=sprig.substr(0, 8, workflow.parameters.cluster_id)}}-{{workflow.parameters.app_group}}"
volumes:
- name: tks-proto-vol
configMap:
name: tks-proto

./argocd app list -p $APP_NAME -l app=$ARGOCD_APP_NAME -o name | xargs ./argocd app delete -y
log "INFO" "deleting argocd app"
envFrom:
- secretRef:
name: decapod-argocd-config
env:
- name: APP_NAME
value: "{{inputs.parameters.app_group}}"
- name: SITE_NAME
value: '{{inputs.parameters.site_name}}'
activeDeadlineSeconds: 900
retryStrategy:
limit: 2
- name: delete-finalizer-app
inputs:
parameters:
- name: namespace
- name: site_name
- name: kubeconfig_secret_name
container:
name: delete-finalizer-app
image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}'
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
templates:
#=========================================================
# Template Pipeline
#=========================================================
- name: remove-tks-service-mesh
steps:
- - name: remove-service-mech
templateRef:
name: remove-servicemesh-all
template: remove-start

APP_PREFIX=${SITE_NAME:0:8}
cat <<< "$KUBE_CONFIG" > /etc/kubeconfig

kubectl patch app $APP_PREFIX-servicemesh-kiali-resource -n argo --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl patch app $APP_PREFIX-servicemesh-gateway -n argo --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl patch app $APP_PREFIX-servicemesh-controlplane -n argo --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl --kubeconfig=/etc/kubeconfig patch kialis kiali -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}'

log "INFO" "argocd apps and kialis finalizers successfully deleted."
env:
- name: NAMESPACE
value: '{{inputs.parameters.namespace}}'
- name: SITE_NAME
value: '{{inputs.parameters.site_name}}'
- name: KUBE_CONFIG
valueFrom:
secretKeyRef:
name: "{{ inputs.parameters.kubeconfig_secret_name }}"
key: value
activeDeadlineSeconds: 900
retryStrategy:
limit: 2
- name: delete-kubernetes-resources
inputs:
parameters:
- name: component_name
- name: component_type
- name: kubeconfig_secret_name
container:
name: delete-kubernetes-resources
image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}'
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
- - name: updateTksInfo
templateRef:
name: delete-tks-app-group-info
template: deleteTksAppGroup

function deleteGateway() {
log "INFO" "deleteGateway() called!"
log "INFO" "REVISION = [${REVISION}]"
log "INFO" "COMPONENT_NAME = [${COMPONENT_NAME}]"
log "INFO" "NAMESPACE = [${NAMESPACE}]"
LABELS="istio.io/rev=${REVISION},operator.istio.io/component=IngressGateways"
kubectl --kubeconfig=/etc/kubeconfig patch istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl --kubeconfig=/etc/kubeconfig delete istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE}
kubectl --kubeconfig=/etc/kubeconfig delete deployments -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete services -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete hpa -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete poddisruptionbudgets -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete serviceaccounts -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete rolebindings -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete roles -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete helmreleases service-mesh-gateway -n default
}

function deleteControlplane() {
log "INFO" "deleteControlplane() called!"
log "INFO" "REVISION = [${REVISION}]"
log "INFO" "COMPONENT_NAME = [${COMPONENT_NAME}]"
log "INFO" "NAMESPACE = [${NAMESPACE}]"
LABELS="istio.io/rev=${REVISION},operator.istio.io/component=Pilot"
kubectl --kubeconfig=/etc/kubeconfig patch istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE} --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl --kubeconfig=/etc/kubeconfig delete istiooperators ${COMPONENT_NAME}-${REVISION} -n ${NAMESPACE}
kubectl --kubeconfig=/etc/kubeconfig delete deployments -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete services -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete hpa -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete configmaps -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete poddisruptionbudgets -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete envoyfilters -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete mutatingwebhookconfigurations -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete serviceaccounts -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete rolebindings -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete roles -n ${NAMESPACE} -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete clusterrolebindings -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete clusterroles -l ${LABELS}
kubectl --kubeconfig=/etc/kubeconfig delete helmreleases service-mesh-controlplane -n default
}
#=========================================================
# Template Definition
#=========================================================
- name: delete-ingress-temporary
inputs:
parameters:
- name: site_name
container:
name: delete-ingress-temporary
image: 'gcr.io/google-containers/hyperkube:v1.18.6'
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}

cat <<< "$KUBE_CONFIG" > /etc/kubeconfig
function delete_ingress() {
ingress_name=$1
namespace=$2

# delete Kubernetes resources
if [[ ! -z "$COMPONENT_NAME" ]]; then
if [[ ${COMPONENT_TYPE} =~ controlplane ]]; then
log "INFO" "delete istio Controlplane"
deleteControlplane
elif [[ ${COMPONENT_TYPE} =~ gateway ]]; then
log "INFO" "delete istio Gateway"
deleteGateway
else
log "ERROR" "${COMPONENT_TYPE} does'nt exist."
exit 1
fi
fi
kube_params=""
if [[ -n "{{workflow.parameters.cluster_id}}" ]]; then
kube_secret=$(kubectl get secret -n {{workflow.parameters.cluster_id}} {{workflow.parameters.cluster_id}}-kubeconfig -o jsonpath="{.data.value}" | base64 -d)
echo -e "kube_secret:\n$kube_secret" | head -n 5
cat <<< "$kube_secret" > /etc/kubeconfig
kube_params+="--kubeconfig=/etc/kubeconfig"
fi

log "INFO" "${COMPONENT_NAME} successfully deleted."
env:
- name: COMPONENT_NAME
value: '{{inputs.parameters.component_name}}'
- name: COMPONENT_TYPE
value: '{{inputs.parameters.component_type}}'
- name: REVISION
value: '{{workflow.parameters.revision}}'
- name: NAMESPACE
value: '{{workflow.parameters.namespace}}'
- name: KUBE_CONFIG
valueFrom:
secretKeyRef:
name: "{{ inputs.parameters.kubeconfig_secret_name }}"
key: value
activeDeadlineSeconds: 900
retryStrategy:
limit: 2
- name: delete-namespace
inputs:
parameters:
- name: namespace
- name: kubeconfig_secret_name
container:
name: delete-namespace
image: 'k8s.gcr.io/hyperkube:{{workflow.parameters.kube_version}}'
command:
- /bin/bash
- '-c'
- |
function log() {
level=$1
msg=$2
date=$(date '+%F %H:%M:%S')
echo "[$date] $level $msg"
}
kubectl $kube_params get ing $ingress_name -n $namespace
if [[ $? =~ 1 ]]; then
kubectl $kube_params delete ing $ingress_name -n $namespace
log "INFO" "${ingress_name} in ${namespace} successfully deleted."
fi
}

cat <<< "$KUBE_CONFIG" > /etc/kubeconfig

kubectl --kubeconfig=/etc/kubeconfig delete ns ${NAMESPACE}

log "INFO" "${NAMESPACE} successfully deleted."
env:
- name: NAMESPACE
value: '{{inputs.parameters.namespace}}'
- name: KUBE_CONFIG
valueFrom:
secretKeyRef:
name: "{{ inputs.parameters.kubeconfig_secret_name }}"
key: value
activeDeadlineSeconds: 900
retryStrategy:
limit: 2
delete_ingress "grafana" "lma"
delete_ingress "kibana" "lma"
delete_ingress "kiali" "istio-system"
env:
- name: SITE_NAME
value: '{{inputs.parameters.site_name}}'
activeDeadlineSeconds: 900
retryStrategy:
limit: 2
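Review bot: In the new `delete-ingress-temporary` script, `echo -e "kube_secret:\n$kube_secret" | head -n 5` writes the first lines of the target cluster's decoded kubeconfig to the workflow pod log, so anyone who can read the workflow logs sees part of that secret; drop the echo, or log only that the secret was found. In the same script, `delete_ingress` runs `kubectl $kube_params get ing ...` and then deletes only when `[[ $? =~ 1 ]]`, that is, when the lookup failed, so an existing ingress is skipped and a missing one leads to a delete that cannot succeed; test for success instead, for example `if kubectl $kube_params get ing "$ingress_name" -n "$namespace"; then`. The step name `remove-service-mech` also looks like a typo for `remove-service-mesh`.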