Snowdrop Bot / Deploy to Hetzner

[iocanel]

We need the following:

• [x] Add quarkus-openshift to the project
• [x] Add authentication: snowdrop-bot#88
• [x] Find a kubernetes cluster that can host the bot on hetzner
• [ ] Create secrets that contain all the required information
  • [ ] Github token
  • [x] Jira account
• [x] Tune generated manifests so that they use the secrets as environment variables (secret: snowdrop-github).
• [x] (Optional) create volumes for the database and mount those volumes.
• [x] (Optional on Openshift) Create a docker image for the bot and push an accessible registry.

Secrets

The project is already configured to automatically provide all properties fo snowdrop-github as env variables. What needs to be done is to manually create the secret.

The same principal should applies to JIRA too, So we should configure the project to also use snwodrop-jira as env variable source and then manually create the secret there.

Volumes

The project is configured to use two kind of volumes:

• database persistence volume
• googledocs config file volume

The former is optional and only needed if we need to persist data (I feel that due to the volatile nature of the bot, we better not use persistence for now). So, let's remove it for now. The latter is obsolete so we need to remove it.

Authentication

Add basic authentication to the project

[jacobdotcosta]

@iocanel Should we add some sort of authentication to the bot itself before doing this?

[iocanel]

Yeah, we should probably start with something like basic authentication. In the future we could look into OAUTH via github or soemthing.

[jacobdotcosta]

@cmoulliard This is the ticket we could use to discuss moving to hetzner k8s.

[cmoulliard]

This is the ticket we could use to discuss moving to hetzner k8s.

I suggest that we create an Ansible role to install it on the permanent k8s cluster that we have on Hetzner hosting the Web servers: https://k8s-console.195.201.87.126.nip.io/#/login @jacobdotcosta

[cmoulliard]

What is the status of this task ? Do you want that I help during @jacobdotcosta PTOs to finish it ?

[cmoulliard]

The documentation mentions to create a PV for Create a PV with name snowdrop-db-claim but in fact another one is needed for snowdrop-googledocs

cmd executed:

 kc apply -n bot -f ./target/kubernetes/kubernetes.yml
serviceaccount/snowdrop-bot created
service/snowdrop-bot created
The Deployment "snowdrop-bot" is invalid: spec.template.spec.containers[0].volumeMounts[1].name: Not found: "snowdrop-googledocs"

[cmoulliard]

FYI. Here is the scenario I was able to test successfully using kind localy

kind delete cluster --name boy

cat <<EOF | kind create cluster --name=boy --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF

kc apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml

./mvnw clean package -Dquarkus.container-image.build=true -Dquarkus.container-image.group=quay.io/cmoulliard -Dquarkus.kubernetes.expose=true -Pdocker
docker push quay.io/cmoulliard/snowdrop-bot

kc create ns bot

cat << EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv001
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 2Gi
  hostPath:
    path: /tmp/pv001
    type: ""
  persistentVolumeReclaimPolicy: Recycle
  volumeMode: Filesystem
EOF

cat << EOF | kubectl apply -n bot -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: snowdrop-db-claim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeMode: Filesystem
EOF

export GITHUB_TOKEN=`pass-team show github.com/snowdrop-bot/token`
export jira_users=cmoulliard
export jira_username=snowdrop-jirabot
export jira_password=`pass-team show rh/snowdrop-jirabot`

kc delete secret/snowdrop-jira -n bot
kc create secret generic snowdrop-jira --from-literal=jira.username=$jira_username --from-literal=jira.password=$jira_password --from-literal=jira.users=$jira_users -n bot

kc delete secret/snowdrop-github -n bot
kc create secret generic snowdrop-github --from-literal=GITHUB_TOKEN=$GITHUB_TOKEN -n bot

kc delete -n bot -f target/kubernetes/kubernetes.yml -n bot
kc apply -n bot -f target/kubernetes/kubernetes.yml -n bot

# kc scale --replicas=0 deployment.apps/snowdrop-bot -n bot
# kc scale --replicas=1 deployment.apps/snowdrop-bot -n bot

[cmoulliard]

Snowdrop bot is currently deployed on the K8s cluster - http://issues.195.201.87.126.nip.io/# ;-) @jacobdotcosta @iocanel

Here are the steps I followed. Some of them will need to be improved as by example :

• quarkus-k8s cannot generate the host parameter for the ingress route. So, the property has been changed manually within the ingress k8s yaml
• The image should be built using circleci and pushed to quay to avoid to do it manually
• The commands executed should be part of a Ansible role

  
  ./mvnw clean package -Dquarkus.container-image.build=true -Dquarkus.container-image.group=quay.io/snowdrop -Dquarkus.kubernetes.expose=true -Pdocker

docker push quay.io/snowdrop/snowdrop-bot

export KUBECONFIG=~/.kube/k8s-195.201.87.126

kc create ns bot

export GITHUB_TOKEN=pass-team show github.com/snowdrop-bot/token export jira_users=cmoulliard export jira_username=snowdrop-jirabot export jira_password=pass-team show rh/snowdrop-jirabot

kc delete secret/snowdrop-jira -n bot kc create secret generic snowdrop-jira --from-literal=jira.username=$jira_username --from-literal=jira.password=$jira_password --from-literal=jira.users=$jira_users -n bot

kc delete secret/snowdrop-github -n bot kc create secret generic snowdrop-github --from-literal=GITHUB_TOKEN=$GITHUB_TOKEN -n bot

cat << EOF | kubectl apply -n bot -f - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: snowdrop-db-claim spec: accessModes:

• ReadWriteOnce resources: requests: storage: 2Gi volumeMode: Filesystem EOF

cat << EOF | kubectl apply -n bot -f -

apiVersion: v1 kind: ServiceAccount metadata: annotations: app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000 app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25 labels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT name: snowdrop-bot

apiVersion: v1 kind: Service metadata: annotations: app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000 app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25 labels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT name: snowdrop-bot spec: ports:

• name: http port: 8080 targetPort: 8080 selector: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT type: ClusterIP

  apiVersion: apps/v1 kind: Deployment metadata: annotations: app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000 app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25 labels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT name: snowdrop-bot spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT template: metadata: annotations: app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000 app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25 labels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT spec: containers:

  • env:
    • name: KUBERNETES_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace envFrom:
    • secretRef: name: snowdrop-github
    • secretRef: name: snowdrop-jira image: quay.io/snowdrop/snowdrop-bot:0.1-SNAPSHOT imagePullPolicy: Always livenessProbe: failureThreshold: 3 httpGet: path: /health/live port: 8080 scheme: HTTP initialDelaySeconds: 0 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 name: snowdrop-bot ports:
    • containerPort: 8080 name: http protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health/ready port: 8080 scheme: HTTP initialDelaySeconds: 0 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 volumeMounts:
    • mountPath: /z/var/snowdrop-bot/data/prod name: snowdrop-db readOnly: false subPath: "" serviceAccount: snowdrop-bot volumes:

  • name: snowdrop-db persistentVolumeClaim: claimName: snowdrop-db-claim readOnly: false

    apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: app.quarkus.io/vcs-url: https://github.com/snowdrop-bot/snowdrop-bot.git app.quarkus.io/build-timestamp: 2020-07-16 - 15:21:55 +0000 app.quarkus.io/commit-id: f0de40ca9532974f51d1a23edaa04a5ca79dee25 labels: app.kubernetes.io/name: snowdrop-bot app.kubernetes.io/part-of: snowdrop-bot app.kubernetes.io/version: 0.1-SNAPSHOT name: snowdrop-bot spec: rules:

• host: issues.195.201.87.126.nip.io http: paths:
  • backend: serviceName: snowdrop-bot servicePort: 8080 path: / EOF

[jacobdotcosta]

The image has been pushed to quay.io/snowdrop/snowdrop-bot