add runtime architecture to RA and RD (#1126)
nilsgstrabo authored Jun 12, 2024
1 parent 740d90e commit 85a0f8c
Showing 78 changed files with 1,877 additions and 781 deletions.
20 changes: 11 additions & 9 deletions .vscode/launch.json
@@ -9,27 +9,29 @@
"program": "${workspaceFolder}/pipeline-runner/main.go",
"env": {},
"args": [
"--RADIX_APP=radix-job-demo",
"--JOB_NAME=radix-pipeline-20231113133209-sb8w8",
"--RADIX_APP=oauth-demo",
"--JOB_NAME=radix-pipeline-20231113133209-r",
"--PIPELINE_TYPE=build-deploy",
"--DEBUG=true",
"--RADIX_TEKTON_IMAGE=radix-tekton:main-latest",
"--RADIX_IMAGE_BUILDER=radix-image-builder:master-latest",
"--RADIX_BUILDAH_IMAGE_BUILDER=quay.io/buildah/stable:v1.31",
"--SECCOMP_PROFILE_FILENAME=allow-buildah.json",
"--RADIX_CLUSTER_TYPE=development",
"--RADIX_ZONE=dev",
"--RADIX_CLUSTERNAME=weekly-44",
"--RADIX_CLUSTERNAME=weekly-23",
"--RADIX_CONTAINER_REGISTRY=radixdev.azurecr.io",
"--RADIX_APP_CONTAINER_REGISTRY=radixdevapp.azurecr.io",
"--AZURE_SUBSCRIPTION_ID=16ede44b-1f74-40a5-b428-46cca9a5741b",
"--IMAGE_TAG=abcde",
"--IMAGE_TAG=abcdw",
"--BRANCH=main",
"--COMMIT_ID=1cbb2fb6b8a562d44a27edae9678c86cb7cbda2e",
// "--COMMIT_ID=4069bf49619be55ee7dbdd426194cc14c30fde10",
"--PUSH_IMAGE=true",
"--USE_CACHE=true",
"--RADIX_FILE_NAME=/workspace/radixconfig.yaml",
"--TO_ENVIRONMENT=qa",
"--IMAGE_TAG_NAME=server=1.23-alpine-slim",
"--IMAGE_TAG_NAME=server2=1.22.1-alpine-perl",
"--TO_ENVIRONMENT=dev",
// "--IMAGE_TAG_NAME=server=1.23-alpine-slim",
// "--IMAGE_TAG_NAME=server2=1.22.1-alpine-perl",
"--RADIX_RESERVED_APP_DNS_ALIASES=api=radix-api,canary=radix-canary-golang,console=radix-web-console,cost-api=radix-cost-allocation-api,webhook=radix-github-webhook",
"--RADIX_RESERVED_DNS_ALIASES=grafana,prometheus,www"
]
@@ -104,7 +106,7 @@
"RADIXOPERATOR_APP_ROLLING_UPDATE_MAX_SURGE": "25%",
"RADIXOPERATOR_APP_READINESS_PROBE_INITIAL_DELAY_SECONDS": "5",
"RADIXOPERATOR_APP_READINESS_PROBE_PERIOD_SECONDS": "10",
"RADIX_ACTIVE_CLUSTERNAME": "weekly-51",
"RADIX_ACTIVE_CLUSTERNAME": "weekly-23",
"RADIX_IMAGE_BUILDER": "radix-image-builder:master-latest",
"RADIX_TEKTON_IMAGE": "radix-tekton:main-latest",
"RADIXOPERATOR_JOB_SCHEDULER": "radix-job-scheduler:main-latest",
4 changes: 2 additions & 2 deletions charts/radix-operator/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: radix-operator
version: 1.35.3
appVersion: 1.55.3
version: 1.36.0
appVersion: 1.56.0
kubeVersion: ">=1.24.0"
description: Radix Operator
keywords:
52 changes: 52 additions & 0 deletions charts/radix-operator/templates/radixapplication.yaml
@@ -730,6 +730,19 @@ spec:
that is explicitly specified, otherwise to an implementation-defined value.
type: object
type: object
runtime:
description: Runtime defines environment specific target
runtime requirements for the component
properties:
architecture:
default: amd64
description: CPU architecture target for the component
or job. Defaults to amd64.
enum:
- amd64
- arm64
type: string
type: object
secretRefs:
description: |-
Environment specific configuration for external secret stores, like Azure KeyVault.
@@ -1467,6 +1480,19 @@ spec:
that is explicitly specified, otherwise to an implementation-defined value.
type: object
type: object
runtime:
description: Runtime defines the target runtime requirements
for the component
properties:
architecture:
default: amd64
description: CPU architecture target for the component or
job. Defaults to amd64.
enum:
- amd64
- arm64
type: string
type: object
secretRefs:
description: |-
Configuration for external secret stores, like Azure KeyVault.
@@ -2197,6 +2223,19 @@ spec:
that is explicitly specified, otherwise to an implementation-defined value.
type: object
type: object
runtime:
description: Runtime defines environment specific target
runtime requirements for the job
properties:
architecture:
default: amd64
description: CPU architecture target for the component
or job. Defaults to amd64.
enum:
- amd64
- arm64
type: string
type: object
secretRefs:
description: |-
Environment specific configuration for external secret stores, like Azure KeyVault.
@@ -2725,6 +2764,19 @@ spec:
that is explicitly specified, otherwise to an implementation-defined value.
type: object
type: object
runtime:
description: Runtime defines target runtime requirements for
the job
properties:
architecture:
default: amd64
description: CPU architecture target for the component or
job. Defaults to amd64.
enum:
- amd64
- arm64
type: string
type: object
schedulerPort:
description: |-
Defines the port number that the job-scheduler API server will listen to.
60 changes: 60 additions & 0 deletions json-schema/radixapplication.json
@@ -708,6 +708,21 @@
},
"type": "object"
},
"runtime": {
"description": "Runtime defines environment specific target runtime requirements for the component",
"properties": {
"architecture": {
"default": "amd64",
"description": "CPU architecture target for the component or job. Defaults to amd64.",
"enum": [
"amd64",
"arm64"
],
"type": "string"
}
},
"type": "object"
},
"secretRefs": {
"description": "Environment specific configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs",
"properties": {
@@ -1459,6 +1474,21 @@
},
"type": "object"
},
"runtime": {
"description": "Runtime defines the target runtime requirements for the component",
"properties": {
"architecture": {
"default": "amd64",
"description": "CPU architecture target for the component or job. Defaults to amd64.",
"enum": [
"amd64",
"arm64"
],
"type": "string"
}
},
"type": "object"
},
"secretRefs": {
"description": "Configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs",
"properties": {
@@ -2213,6 +2243,21 @@
},
"type": "object"
},
"runtime": {
"description": "Runtime defines environment specific target runtime requirements for the job",
"properties": {
"architecture": {
"default": "amd64",
"description": "CPU architecture target for the component or job. Defaults to amd64.",
"enum": [
"amd64",
"arm64"
],
"type": "string"
}
},
"type": "object"
},
"secretRefs": {
"description": "Environment specific configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs",
"properties": {
@@ -2744,6 +2789,21 @@
},
"type": "object"
},
"runtime": {
"description": "Runtime defines target runtime requirements for the job",
"properties": {
"architecture": {
"default": "amd64",
"description": "CPU architecture target for the component or job. Defaults to amd64.",
"enum": [
"amd64",
"arm64"
],
"type": "string"
}
},
"type": "object"
},
"schedulerPort": {
"description": "Defines the port number that the job-scheduler API server will listen to.\nMore info: https://www.radix.equinor.com/references/reference-radix-config/#schedulerport",
"format": "int32",
2 changes: 1 addition & 1 deletion operator.Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.22-alpine3.19 as base
FROM golang:1.22-alpine3.20 as base
ENV GO111MODULE=on
RUN apk update && \
apk add git ca-certificates curl && \
21 changes: 16 additions & 5 deletions pipeline-runner/internal/tekton/tekton.go
@@ -5,10 +5,13 @@ import (
"strings"
"time"

"github.com/equinor/radix-common/utils/pointers"
"github.com/equinor/radix-operator/pipeline-runner/model"
pipelineDefaults "github.com/equinor/radix-operator/pipeline-runner/model/defaults"
"github.com/equinor/radix-operator/pkg/apis/defaults"
"github.com/equinor/radix-operator/pkg/apis/kube"
radixv1 "github.com/equinor/radix-operator/pkg/apis/radix/v1"
"github.com/equinor/radix-operator/pkg/apis/securitycontext"
"github.com/equinor/radix-operator/pkg/apis/utils"
"github.com/equinor/radix-operator/pkg/apis/utils/annotations"
"github.com/equinor/radix-operator/pkg/apis/utils/git"
@@ -49,21 +52,29 @@ func CreateActionPipelineJob(containerName string, action string, pipelineInfo *
},
Spec: corev1.PodSpec{
ServiceAccountName: defaults.RadixTektonServiceAccountName,
SecurityContext: &pipelineInfo.PipelineArguments.PodSecurityContext,
InitContainers: initContainers,
SecurityContext: securitycontext.Pod(
securitycontext.WithPodFSGroup(1000),
securitycontext.WithPodSeccompProfile(corev1.SeccompProfileTypeRuntimeDefault)),
InitContainers: initContainers,
Containers: []corev1.Container{
{
Name: containerName,
Image: fmt.Sprintf("%s/%s", pipelineInfo.PipelineArguments.ContainerRegistry, pipelineInfo.PipelineArguments.TektonPipeline),
ImagePullPolicy: corev1.PullAlways,
VolumeMounts: getJobContainerVolumeMounts(),
SecurityContext: &pipelineInfo.PipelineArguments.ContainerSecurityContext,
Env: *envVars,
SecurityContext: securitycontext.Container(
securitycontext.WithContainerDropAllCapabilities(),
securitycontext.WithContainerRunAsUser(1000),
securitycontext.WithContainerRunAsGroup(1000),
securitycontext.WithContainerSeccompProfileType(corev1.SeccompProfileTypeRuntimeDefault),
securitycontext.WithReadOnlyRootFileSystem(pointers.Ptr(true)),
),
Env: *envVars,
},
},
Volumes: getJobVolumes(),
RestartPolicy: "Never",
Affinity: utils.GetAffinityForPipelineJob(),
Affinity: utils.GetAffinityForPipelineJob(&radixv1.Runtime{Architecture: radixv1.RuntimeArchitectureAmd64}),
Tolerations: utils.GetPipelineJobPodSpecTolerations(),
},
},
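Review bot: The value `1000` is repeated as a bare literal in `WithPodFSGroup`, `WithContainerRunAsUser` and `WithContainerRunAsGroup`, and nothing at the call site says why the pod and container security contexts are now fixed here instead of coming from `pipelineInfo.PipelineArguments`. I would hoist it into a named constant, e.g. `const pipelineJobUserID = 1000`, and put a comment above the container `SecurityContext` along the lines of `// Hardened defaults: fixed non-root uid/gid, all capabilities dropped, RuntimeDefault seccomp, read-only root filesystem; the job may only write to its mounted volumes.` The visible options do not set `allowPrivilegeEscalation` or `runAsNonRoot`; whether `securitycontext.Container` applies those by default is not shown in this section, so it is worth confirming. CreateActionPipelineJob starts and ends outside the hunk.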
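--- a/pipeline-runner/internal/watcher/namespace.go
+++ b/pipeline-runner/internal/watcher/namespace.go
@@ -0,0 +1,64 @@
+package watcher
+
+import (
+"context"
+"time"
+
+"github.com/rs/zerolog/log"
+corev1 "k8s.io/api/core/v1"
+k8errs "k8s.io/apimachinery/pkg/api/errors"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/util/wait"
+"k8s.io/client-go/kubernetes"
+)
+
+const waitTimeout = 15 * time.Second
+
+// NamespaceWatcher Watcher to wait for namespace to be created
+type NamespaceWatcher interface {
+WaitFor(ctx context.Context, namespace string) error
+}
+
+// NamespaceWatcherImpl Implementation of watcher
+type NamespaceWatcherImpl struct {
+client kubernetes.Interface
+}
+
+// NewNamespaceWatcherImpl Constructor
+func NewNamespaceWatcherImpl(client kubernetes.Interface) NamespaceWatcherImpl {
+return NamespaceWatcherImpl{
+client,
+}
+}
+
+// WaitFor Waits for namespace to appear
+func (watcher NamespaceWatcherImpl) WaitFor(ctx context.Context, namespace string) error {
+log.Info().Msgf("Waiting for namespace %s", namespace)
+err := waitForNamespace(ctx, watcher.client, namespace)
+if err != nil {
+return err
+}
+
+log.Info().Msgf("Namespace %s exists and is active", namespace)
+return nil
+
+}
+
+func waitForNamespace(ctx context.Context, client kubernetes.Interface, namespace string) error {
+timoutContext, cancel := context.WithTimeout(ctx, waitTimeout)
+defer cancel()
+
+return wait.PollUntilContextCancel(timoutContext, time.Second, true, func(ctx context.Context) (done bool, err error) {
+ns, err := client.CoreV1().Namespaces().Get(ctx, namespace, metav1.GetOptions{})
+if err != nil {
+if k8errs.IsNotFound(err) || k8errs.IsForbidden(err) {
+return false, nil // the environment namespace or the rolebinding for the cluster-role radix-pipeline-env are not yet created
+}
+return false, err
+}
+if ns != nil && ns.Status.Phase == corev1.NamespaceActive {
+return true, nil
+}
+return false, nil
+})
+}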
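Review bot: In `waitForNamespace` a Forbidden reply is retried exactly like NotFound, so a service account that permanently lacks the rolebinding cannot be told apart from one whose rolebinding is still being created; once `waitTimeout` expires the caller only gets a context deadline error and the authorization cause is lost. I would remember the last NotFound/Forbidden error and wrap it into the returned error when the poll gives up, which needs `fmt` in the import block. Separately, `timoutContext` is misspelled and should read `timeoutContext`.

```go
	var lastErr error // most recent NotFound/Forbidden reply, reported if the wait times out
	err := wait.PollUntilContextCancel(timoutContext, time.Second, true, func(ctx context.Context) (done bool, err error) {
		// … unchanged: Namespaces().Get call …
			if k8errs.IsNotFound(err) || k8errs.IsForbidden(err) {
				lastErr = err
				return false, nil
			}
		// … unchanged: other errors and NamespaceActive phase check …
	})
	if err != nil && lastErr != nil {
		return fmt.Errorf("waiting for namespace %s: %w (last API error: %v)", namespace, err, lastErr)
	}
	return err
```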
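--- a/pipeline-runner/internal/watcher/namespace_mock.go
+++ b/pipeline-runner/internal/watcher/namespace_mock.go
@@ -0,0 +1,21 @@
+package watcher
+
+import "context"
+
+// FakeNamespaceWatcher Unit tests doesn't handle multi-threading well
+type FakeNamespaceWatcher struct {
+}
+
+// FakeRadixDeploymentWatcher Unit tests doesn't handle multi-threading well
+type FakeRadixDeploymentWatcher struct {
+}
+
+// WaitFor Waits for namespace to appear
+func (watcher FakeNamespaceWatcher) WaitFor(_ context.Context, _ string) error {
+return nil
+}
+
+// WaitFor Waits for radix deployment gets active
+func (watcher FakeRadixDeploymentWatcher) WaitForActive(_, _ string) error {
+return nil
+}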
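Review bot: The doc comment on `WaitForActive` opens with the wrong name (`// WaitFor Waits for radix deployment gets active`), and both struct comments say only "Unit tests doesn't handle multi-threading well", which does not tell a reader what the fakes actually do. I would write `// WaitForActive returns nil immediately without checking any deployment.` on the method and `// FakeNamespaceWatcher is a NamespaceWatcher whose WaitFor always succeeds; for unit tests only.` on the type. A compile-time check such as `var _ NamespaceWatcher = FakeNamespaceWatcher{}` would also keep the fake in step with the interface.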
@@ -16,7 +16,7 @@ import (
kubernetes "k8s.io/client-go/kubernetes/fake"
)

func setupTest(t *testing.T) (*radix.Clientset, *kubernetes.Clientset) {
func setupTest() (*radix.Clientset, *kubernetes.Clientset) {
radixClient := radix.NewSimpleClientset()
kubeClient := kubernetes.NewSimpleClientset()
return radixClient, kubeClient
@@ -40,7 +40,7 @@ func TestDeploy_WaitActiveDeployment(t *testing.T) {
}
for _, ts := range scenarios {
t.Run(ts.name, func(tt *testing.T) {
radixClient, kubeClient := setupTest(tt)
radixClient, kubeClient := setupTest()
require.NoError(t, createNamespace(kubeClient, namespace))

if ts.hasRadixDevelopment {