From d6034bb53ca5412acc1a7300a99abca3f2d92423 Mon Sep 17 00:00:00 2001 From: Matt Halder Date: Mon, 18 Mar 2024 11:59:02 -0600 Subject: [PATCH] Reset mount filesystem (#137) Signed-off-by: Matt Halder --- .../server-repository/reset-job.yaml | 117 +++++++++++++++++- charts/values.yaml | 4 +- 2 files changed, 114 insertions(+), 7 deletions(-) diff --git a/charts/templates/server-repository/reset-job.yaml b/charts/templates/server-repository/reset-job.yaml index 03ac6ae9..ebe21fb1 100644 --- a/charts/templates/server-repository/reset-job.yaml +++ b/charts/templates/server-repository/reset-job.yaml @@ -12,19 +12,77 @@ spec: backoffLimit: 0 template: spec: - serviceAccountName: {{ template "sourcify.serverRepository.serviceAccountName" . }} + serviceAccountName: {{ printf "%s-%s" .Chart.Name "prvw-reset-sa" | trimSuffix "-"| trunc 52 }} restartPolicy: Never containers: - name: reset image: "{{ .Values.reset.image.repository }}:{{ .Values.reset.image.tag }}" imagePullPolicy: {{ .Values.reset.image.pullPolicy }} command: - - /bin/sh + - /bin/bash - -c - - wget https://raw.githubusercontent.com/hashgraph/hedera-sourcify/main/scripts/hedera-reset.sh ; chmod +x hedera-reset.sh ; ./hedera-reset.sh previewnet + - POD=$(kubectl get pods -l app.kubernetes.io/name=sourcify-server-repository -n sourcify | tail -1 | awk '{print $1}'); kubectl exec -it -n sourcify $POD -- ./hedera-reset-docker.sh previewnet +{{- end }} + +--- +{{- if .Values.reset.previewnet_reset.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ printf "%s-%s" .Chart.Name "prvw-reset-sa" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} + +--- +{{- if .Values.reset.previewnet_reset.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ printf "%s-%s" .Chart.Name "prvw-reset-role" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["pods", "pods/log"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] {{- end }} --- +{{- if .Values.reset.previewnet_reset.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ printf "%s-%s" .Chart.Name "prvw-reset-rolebinding" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ printf "%s-%s" .Chart.Name "prvw-reset-role" | trimSuffix "-"| trunc 52 }} +subjects: + - kind: ServiceAccount + name: {{ printf "%s-%s" .Chart.Name "prvw-reset-sa" | trimSuffix "-"| trunc 52 }} + namespace: {{ .Release.Namespace }} +{{- end }} + +--- +# Testnet reset job {{- if .Values.reset.testnet_reset.enabled }} apiVersion: batch/v1 kind: CronJob @@ -39,7 +97,7 @@ spec: backoffLimit: 0 template: spec: - serviceAccountName: {{ template "sourcify.serverRepository.serviceAccountName" . }} + serviceAccountName: {{ printf "%s-%s" .Chart.Name "tsnt-reset-sa" | trimSuffix "-"| trunc 52 }} restartPolicy: Never containers: - name: reset @@ -48,5 +106,54 @@ spec: command: - /bin/sh - -c - - wget https://raw.githubusercontent.com/hashgraph/hedera-sourcify/main/scripts/hedera-reset.sh ; chmod +x hedera-reset.sh ; ./hedera-reset.sh testnet + - POD=$(kubectl get pods -l app.kubernetes.io/name=sourcify-server-repository -n sourcify | tail -1 | awk '{print $1}'); kubectl exec -it -n sourcify $POD -- ./hedera-reset-docker.sh testnet +--- +# This job requires a special service account with specific permissions to accomplish this task +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ printf "%s-%s" .Chart.Name "tsnt-reset-sa" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ printf "%s-%s" .Chart.Name "tsnt-reset-role" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["pods", "pods/log"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ printf "%s-%s" .Chart.Name "tsnt-reset-role-binding" | trimSuffix "-"| trunc 52 }} + labels: + {{- include "sourcify.labels" . | nindent 4 }} + {{- with .Values.serverRepository.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ printf "%s-%s" .Chart.Name "tsnt-reset-role" | trimSuffix "-"| trunc 52 }} +subjects: + - kind: ServiceAccount + name: {{ printf "%s-%s" .Chart.Name "tsnt-reset-sa" | trimSuffix "-"| trunc 52 }} + namespace: {{ .Release.Namespace }} {{- end }} \ No newline at end of file diff --git a/charts/values.yaml b/charts/values.yaml index 0dead65f..dd84ca45 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -159,7 +159,7 @@ reset: enabled: false ## Set default immage repository, tag, and pull policy image: - repository: "apline/curl" - tag: "8.4.0" + repository: "bitnami/kubectl" + tag: "1.28.7" pullPolicy: "IfNotPresent"