replicatedhq / helm-charts

Apache License 2.0

feat(replicated-library): add preflight pre-install hook #78

Closed DexterYan closed 1 year ago

DexterYan commented 1 year ago

This is another approach to add the feature to sc-75516.

DexterYan commented 1 year ago

example

troubleshoot:
  support-bundle:
  ....
  preflights:
    my-preflights:
      image: replicated/preflight:latest
      enabled: true
      collectors:
        - run:
            collectorName: "static-hi"
            image: "alpine:3"
            command: ["echo", "hi static!"]
      analyzers:
        - textAnalyze:
            checkName: Said hi!
            fileName: /static-hi.log
            regex: "hi static"
            outcomes:
              - fail:
                  message: Didn't say hi.
              - pass:
                  message: Said hi!

output

---
# Source: wg-easy/templates/replicated-library.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: test-preflight-my-preflights
  labels:
    helm.sh/chart: wg-easy-0.1.0
    app.kubernetes.io/name: wg-easy
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "7"
    app.kubernetes.io/managed-by: Helm
    troubleshoot.io/kind: preflight
  annotations:
    "helm.sh/hook": pre-install, pre-upgrade
    "helm.sh/hook-weight": "-6"
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
secrets:
  - name: test-wg-easy-preflight-my-preflights
---
# Source: wg-easy/templates/replicated-library.yaml
apiVersion: v1
kind: Secret
metadata:
  name: test-wg-easy-preflight-my-preflights
  labels:
    helm.sh/chart: wg-easy-0.1.0
    app.kubernetes.io/name: wg-easy
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "7"
    app.kubernetes.io/managed-by: Helm
    troubleshoot.io/kind: preflight
  annotations:
    "helm.sh/hook": pre-install, pre-upgrade
    "helm.sh/hook-weight": "-6"
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
stringData:
  preflight.yaml: |-
    apiVersion: troubleshoot.sh/v1beta2
    kind: Preflight
    metadata:
      name: test-wg-easy-preflight-my-preflights
    spec:
      collectors:      
        - run:
            collectorName: static-hi
            command:
            - echo
            - hi static!
            image: alpine:3
      analyzers:      
        - textAnalyze:
            checkName: Said hi!
            fileName: /static-hi.log
            outcomes:
            - fail:
                message: Didn't say hi.
            - pass:
                message: Said hi!
            regex: hi static
---
# Source: wg-easy/templates/replicated-library.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-preflight-my-preflights
  labels:
    helm.sh/chart: wg-easy-0.1.0
    app.kubernetes.io/name: wg-easy
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "7"
    app.kubernetes.io/managed-by: Helm
    troubleshoot.io/kind: preflight
  annotations:
    "helm.sh/hook": pre-install, pre-upgrade
    "helm.sh/hook-weight": "-6"
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
rules:
  - apiGroups:
      - ""
    resources: 
      - "namespaces"
    verbs: 
      - "get"
      - "watch"
      - "list"
  - apiGroups:
      - ""
    resources: 
      - "nodes"
    verbs: 
      - "get"
      - "watch"
      - "list"
  - apiGroups:
      - ""
    resources: 
      - "pods"
    verbs: 
      - "get"
      - "watch"
      - "list"
      - "create"
  - apiGroups: 
      - "apiextensions.k8s.io"
    resources: 
      - "customresourcedefinitions"
    verbs: 
      - "get"
      - "watch"
      - "list"
  - apiGroups: 
      - "storage.k8s.io"
    resources: 
      - "storageclasses"
    verbs: 
      - "get"
      - "watch"
      - "list"
  - apiGroups:
      - ""
    resources: 
      - "pods/log"
    verbs: 
      - "get"
      - "list"
---
# Source: wg-easy/templates/replicated-library.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: test-preflight-my-preflights
  labels:
    helm.sh/chart: wg-easy-0.1.0
    app.kubernetes.io/name: wg-easy
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "7"
    app.kubernetes.io/managed-by: Helm
    troubleshoot.io/kind: preflight
  annotations:
    "helm.sh/hook": pre-install, pre-upgrade
    "helm.sh/hook-weight": "-6"
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
subjects:
- kind: ServiceAccount
  name: test-preflight-my-preflights
  namespace: default
roleRef:
  kind: ClusterRole 
  name: test-preflight-my-preflights
  apiGroup: rbac.authorization.k8s.io
---
# Source: wg-easy/templates/replicated-library.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-preflight-check
  labels:
    helm.sh/chart: wg-easy-0.1.0
    app.kubernetes.io/name: wg-easy
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "7"
    app.kubernetes.io/managed-by: Helm
    troubleshoot.io/kind: preflight
  annotations:
    "helm.sh/hook": pre-install, pre-upgrade
    "helm.sh/show-output": "true"
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
    "helm.sh/hook-output-log-policy": hook-failed, hook-succeeded
spec:
  serviceAccountName: test-preflight-my-preflights
  restartPolicy: Never
  volumes:
    - name: preflights
      secret:
        secretName: test-wg-easy-preflight-my-preflights
  containers:
    - name: pre-install-job
      image:  replicated/preflight:latest
      command:
        - "preflight"
        - "--interactive=false"
        - "/preflights/preflight.yaml"
      volumeMounts:
        - name: preflights
          mountPath: /preflights

chris-sanders commented 1 year ago

This looks really cool. FYI, we're looking at moving some file paths in https://github.com/replicatedhq/helm-charts/pull/80; this will impact where some of your files live. Just keep an eye on that PR.

DexterYan commented 1 year ago

If using

preflights:
    my-preflights:
      image: replicated/preflight:latest
      enabled: true
      analyzers:
        - clusterVersion:
            outcomes:
              - fail:
                  when: "< 1.20.0"
                  message: This application requires at least Kubernetes 1.20.0, and recommends 1.22.0.
                  uri: https://www.kubernetes.io
              - warn:
                  when: "< 1.22.0"
                  message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.22.0 or later.
                  uri: https://kubernetes.io
              - pass:
                  when: ">= 1.22.0"
                  message: Your cluster meets the recommended and required versions of Kubernetes.

it works as expected when the pod runs successfully.

However, if I am using

  preflights:
    my-preflights:
      image: replicated/preflight
      enabled: true
      collectors:
        - clusterInfo: {}
        - clusterResources: {}

The pod will fail, and then the pod is deleted automatically. However, the sa, clusterrole, and clusterrolebinding are not deleted. It seems hook-failed has not triggered those deletions.
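
The leftover resources reported in the last comment can be reasoned about with a model of one hook phase. This is an added example, not code from the PR or from Helm: it assumes Helm applies `hook-failed` only to the hook that failed and applies `hook-succeeded` only after every hook in the phase has succeeded. `Hook`, `run_hooks` and `cluster_scoped` are hypothetical names; resource names and weights are taken from the rendered output above.

```python
# Added example: model of one Helm hook phase (assumed behaviour, not Helm's source).
from dataclasses import dataclass

POLICIES = ("before-hook-creation", "hook-succeeded", "hook-failed")

@dataclass
class Hook:
    kind: str
    name: str
    weight: int
    delete_policies: tuple = POLICIES

def run_hooks(hooks, failing_kinds=()):
    """Simulate one pre-install phase; return (phase_ok, leftover resources)."""
    live = []
    for h in sorted(hooks, key=lambda x: x.weight):  # lower weight runs first
        live.append(h)  # the hook resource now exists in the cluster
        if h.kind in failing_kinds:
            # Assumption: hook-failed is evaluated for the failing hook only,
            # then the phase aborts without revisiting earlier hooks.
            if "hook-failed" in h.delete_policies:
                live.remove(h)
            return False, [(x.kind, x.name) for x in live]
    # Assumption: hook-succeeded is evaluated only once all hooks succeeded.
    live = [x for x in live if "hook-succeeded" not in x.delete_policies]
    return True, [(x.kind, x.name) for x in live]

def cluster_scoped(leftovers):
    """Leftovers that are not namespaced and keep granting access."""
    return [l for l in leftovers if l[0] in ("ClusterRole", "ClusterRoleBinding")]

# Hook resources from the rendered chart output in this thread.
HOOKS = [
    Hook("ServiceAccount", "test-preflight-my-preflights", -6),
    Hook("Secret", "test-wg-easy-preflight-my-preflights", -6),
    Hook("ClusterRole", "test-preflight-my-preflights", -6),
    Hook("ClusterRoleBinding", "test-preflight-my-preflights", -6),
    Hook("Pod", "test-preflight-check", -5),
]

if __name__ == "__main__":
    for failing in ((), ("Pod",)):
        ok, left = run_hooks(HOOKS, failing)
        label = "pod fails" if failing else "pod succeeds"
        print(f"{label}: ok={ok} leftovers={left}")
        print("  cluster-scoped RBAC left behind:", cluster_scoped(left))
```

Under this model a failed preflight pod leaves the weight `-6` resources in place, including a ClusterRoleBinding that still grants `create` on pods to the ServiceAccount in `default`.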