Closed iocanel closed 4 years ago
@iocanel Should we add some sort of authentication to the bot itself before doing this?
Yeah, we should probably start with something like basic authentication. In the future we could look into OAuth via GitHub or something.
@cmoulliard This is the ticket we could use to discuss moving to hetzner k8s.
I suggest that we create an Ansible role to install it on the permanent k8s cluster that we have on Hetzner hosting the Web servers: https://k8s-console.195.201.87.126.nip.io/#/login @jacobdotcosta
What is the status of this task? Do you want me to help during @jacobdotcosta's PTO to finish it?
The documentation says to "Create a PV with name snowdrop-db-claim", but in fact another one is needed for snowdrop-googledocs.
Command executed:

```
kc apply -n bot -f ./target/kubernetes/kubernetes.yml
serviceaccount/snowdrop-bot created
service/snowdrop-bot created
The Deployment "snowdrop-bot" is invalid: spec.template.spec.containers[0].volumeMounts[1].name: Not found: "snowdrop-googledocs"
```
FYI. Here is the scenario I was able to test successfully using kind locally:
```bash
# kc is assumed to be a shell alias for kubectl
# Recreate the local kind cluster with ports 80/443 mapped for the ingress controller
kind delete cluster --name boy
cat <<EOF | kind create cluster --name=boy --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF

# Install the ingress-nginx controller for kind
kc apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml

# Build and push the image
./mvnw clean package -Dquarkus.container-image.build=true -Dquarkus.container-image.group=quay.io/cmoulliard -Dquarkus.kubernetes.expose=true -Pdocker
docker push quay.io/cmoulliard/snowdrop-bot

kc create ns bot

# Persistent volume and the claim expected by the deployment
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv001
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 2Gi
  hostPath:
    path: /tmp/pv001
    type: ""
  persistentVolumeReclaimPolicy: Recycle
  volumeMode: Filesystem
EOF

cat << EOF | kubectl apply -n bot -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: snowdrop-db-claim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeMode: Filesystem
EOF

# Read the credentials from the team password store
export GITHUB_TOKEN="$(pass-team show github.com/snowdrop-bot/token)"
export jira_users=cmoulliard
export jira_username=snowdrop-jirabot
export jira_password="$(pass-team show rh/snowdrop-jirabot)"

# Recreate the secrets; values are quoted so spaces or shell metacharacters survive
kc delete secret/snowdrop-jira -n bot
kc create secret generic snowdrop-jira --from-literal=jira.username="$jira_username" --from-literal=jira.password="$jira_password" --from-literal=jira.users="$jira_users" -n bot

kc delete secret/snowdrop-github -n bot
kc create secret generic snowdrop-github --from-literal=GITHUB_TOKEN="$GITHUB_TOKEN" -n bot

# Redeploy the generated manifests
kc delete -n bot -f target/kubernetes/kubernetes.yml
kc apply -n bot -f target/kubernetes/kubernetes.yml

# kc scale --replicas=0 deployment.apps/snowdrop-bot -n bot
# kc scale --replicas=1 deployment.apps/snowdrop-bot -n bot
```
Snowdrop bot is currently deployed on the K8s cluster - http://issues.195.201.87.126.nip.io/#
;-)
@jacobdotcosta @iocanel
Here are the steps I followed. Some of them will need to be improved, for example:
```bash
# Build and push the image
./mvnw clean package -Dquarkus.container-image.build=true -Dquarkus.container-image.group=quay.io/snowdrop -Dquarkus.kubernetes.expose=true -Pdocker
docker push quay.io/snowdrop/snowdrop-bot

export KUBECONFIG=~/.kube/k8s-195.201.87.126
kc create ns bot

# Read the credentials from the team password store
export GITHUB_TOKEN="$(pass-team show github.com/snowdrop-bot/token)"
export jira_users=cmoulliard
export jira_username=snowdrop-jirabot
export jira_password="$(pass-team show rh/snowdrop-jirabot)"

kc delete secret/snowdrop-jira -n bot
kc create secret generic snowdrop-jira --from-literal=jira.username="$jira_username" --from-literal=jira.password="$jira_password" --from-literal=jira.users="$jira_users" -n bot

kc delete secret/snowdrop-github -n bot
kc create secret generic snowdrop-github --from-literal=GITHUB_TOKEN="$GITHUB_TOKEN" -n bot
```
```bash
cat << EOF | kubectl apply -n bot -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: snowdrop-db-claim
spec:
  accessModes:
```

```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git
    app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000
    app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25
  labels:
    app.kubernetes.io/name: snowdrop-bot
    app.kubernetes.io/part-of: snowdrop-bot
    app.kubernetes.io/version: 0.1-SNAPSHOT
  name: snowdrop-bot
spec:
  ports:
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git
    app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000
    app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25
  labels:
    app.kubernetes.io/name: snowdrop-bot
    app.kubernetes.io/part-of: snowdrop-bot
    app.kubernetes.io/version: 0.1-SNAPSHOT
  name: snowdrop-bot
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: snowdrop-bot
      app.kubernetes.io/part-of: snowdrop-bot
      app.kubernetes.io/version: 0.1-SNAPSHOT
  template:
    metadata:
      annotations:
        app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git
        app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000
        app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25
      labels:
        app.kubernetes.io/name: snowdrop-bot
        app.kubernetes.io/part-of: snowdrop-bot
        app.kubernetes.io/version: 0.1-SNAPSHOT
    spec:
      containers:
```

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git
    app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000
    app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25
  labels:
    app.kubernetes.io/name: snowdrop-bot
    app.kubernetes.io/part-of: snowdrop-bot
    app.kubernetes.io/version: 0.1-SNAPSHOT
  name: snowdrop-bot
spec:
  rules:
```
The image has been pushed to quay.io/snowdrop/snowdrop-bot
We need the following:
quarkus-openshift to the project
snowdrop-github).
Secrets
The project is already configured to automatically provide all properties of snowdrop-github as env variables. What needs to be done is to manually create the secret.
The same principle should apply to JIRA too. So we should configure the project to also use snowdrop-jira as env variable source and then manually create the secret there.
Volumes
The project is configured to use two kinds of volumes:
The former is optional and only needed if we need to persist data (I feel that due to the volatile nature of the bot, we better not use persistence for now). So, let's remove it for now. The latter is obsolete so we need to remove it.
Authentication
Add basic authentication to the project
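
An added example, not part of the thread or of the snowdrop-bot project: the snowdrop-jira and snowdrop-github secrets created in the steps above with `--from-literal` can instead be rendered as a manifest inside the shell and piped to `kubectl apply`, so the values never appear as process arguments and an existing secret is updated in place rather than deleted and recreated. The helper name `secret_manifest` is hypothetical; the secret names, keys and namespace are the ones used on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper, not project code).
# Renders a v1 Secret from shell variables. printf is a shell builtin, so the
# secret values are passed through pipes only and never show up in `ps` output.

# secret_manifest NAME NAMESPACE KEY=VARNAME...
# For each KEY=VARNAME pair, the value of shell variable VARNAME becomes data[KEY].
# Prints nothing and returns 1 if a variable name is invalid or its value is empty,
# so a failed render cannot hand kubectl a partial manifest.
secret_manifest() (
  sm_name=$1 sm_ns=$2; shift 2
  sm_data=
  for sm_pair in "$@"; do
    sm_key=${sm_pair%%=*}; sm_var=${sm_pair#*=}
    # Only accept plain identifiers before using the name in eval
    case $sm_var in
      ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name: $sm_var" >&2; exit 1 ;;
    esac
    eval "sm_val=\${$sm_var-}"
    [ -n "$sm_val" ] || { echo "\$$sm_var is empty or unset" >&2; exit 1; }
    # base64 may wrap long output; Secret data must be a single line
    sm_enc=$(printf '%s' "$sm_val" | base64 | tr -d '\n')
    sm_data="$sm_data  $sm_key: $sm_enc
"
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n%s' \
    "$sm_name" "$sm_ns" "$sm_data"
)

# Usage with the values from this page (no `export` needed, the function reads
# the variables of the current shell):
#   jira_users=cmoulliard
#   jira_username=snowdrop-jirabot
#   jira_password="$(pass-team show rh/snowdrop-jirabot)"
#   GITHUB_TOKEN="$(pass-team show github.com/snowdrop-bot/token)"
#   secret_manifest snowdrop-jira bot jira.username=jira_username \
#     jira.password=jira_password jira.users=jira_users | kubectl apply -f -
#   secret_manifest snowdrop-github bot GITHUB_TOKEN=GITHUB_TOKEN | kubectl apply -f -
```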