diff --git a/chart/infra-server/argo-values.yaml b/chart/infra-server/argo-values.yaml index 0ac701bb8..c01ea380e 100644 --- a/chart/infra-server/argo-values.yaml +++ b/chart/infra-server/argo-values.yaml @@ -3,6 +3,9 @@ argo-workflows: server: authModes: - server + # We do this separately, because they cannot be installed from the dependant chart. + crds: + install: false controller: # Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level diff --git a/chart/infra-server/static/flavors.yaml b/chart/infra-server/static/flavors.yaml index cddd7572e..be73eb721 100644 --- a/chart/infra-server/static/flavors.yaml +++ b/chart/infra-server/static/flavors.yaml @@ -494,7 +494,7 @@ name: OpenShift 4.x Perf&Scale description: OpenShift 4.x Perf&Scale availability: stable - workflow: configuration/workflow-openshift-4-perf-scale.yaml + workflow: configuration/workflow-openshift-4.yaml aliases: - ocp-4-perf-scale parameters: @@ -579,6 +579,13 @@ Consult OCP documentation for details. {{ .Chart.Annotations.ocpCredentialsMode }} is the value used by stackrox CI. + - name: keep-failed-cluster + description: Keep failed cluster + value: false + kind: optional + help: | + *Only for debugging infra issues.* If in doubt, please keep to false. + - name: ssd-storage-class description: Ensure an SSD StorageClass is the default StorageClass for the cluster value: false diff --git a/chart/infra-server/static/test-simulate.yaml b/chart/infra-server/static/test-simulate.yaml index 2e7f7cd41..61a77cfc7 100644 --- a/chart/infra-server/static/test-simulate.yaml +++ b/chart/infra-server/static/test-simulate.yaml @@ -4,57 +4,46 @@ metadata: generateName: simulate- spec: entrypoint: start + onExit: stop arguments: parameters: - name: name - name: create-delay-seconds - value: "" - name: create-outcome - value: "" - name: destroy-delay-seconds - value: "" - name: destroy-outcome - value: "" templates: - name: start - steps: - - - name: create - template: simulate + dag: + tasks: + - name: create + templateRef: + name: test-simulate + template: simulate arguments: parameters: - name: delay-seconds value: '{{ "{{" }}workflow.parameters.create-delay-seconds{{ "}}" }}' - name: outcome value: '{{ "{{" }}workflow.parameters.create-outcome{{ "}}" }}' - - - name: wait - template: wait - - - name: destroy - template: simulate + + - name: wait + dependencies: [create] + templateRef: + name: common + template: wait + + - name: stop + dag: + tasks: + - name: destroy + templateRef: + name: test-simulate + template: simulate arguments: parameters: - name: delay-seconds value: '{{ "{{" }}workflow.parameters.destroy-delay-seconds{{ "}}" }}' - name: outcome value: '{{ "{{" }}workflow.parameters.destroy-outcome{{ "}}" }}' - - - name: simulate - inputs: - parameters: - - name: delay-seconds - - name: outcome - script: - image: debian:9.4 - command: [bash] - source: | - set -x - start=0 - while sleep 1; do - if [[ $((start++)) -ge {{ "{{" }}inputs.parameters.delay-seconds{{ "}}" }} ]]; then - break - fi - done - [[ "{{ "{{" }}inputs.parameters.outcome{{ "}}" }}" == "success" ]] || exit 1 - - - name: wait - suspend: {} diff --git a/chart/infra-server/static/workflow-openshift-4-perf-scale.yaml b/chart/infra-server/static/workflow-openshift-4-perf-scale.yaml deleted file mode 100644 index 3a0bdaaa6..000000000 --- a/chart/infra-server/static/workflow-openshift-4-perf-scale.yaml +++ /dev/null @@ -1,181 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Workflow -metadata: - generateName: openshift-4-perf-scale- -spec: - entrypoint: start - arguments: - parameters: - - name: name - - name: openshift-version - value: "" - - name: master-node-type - value: "" - - name: master-node-count - value: "" - - name: worker-node-type - value: "" - - name: worker-node-count - value: "" - - name: region - value: "" - - name: pull-secret - value: "" - - name: fips-enabled - - name: trusted-certs-enabled - - name: credentials-mode - - name: ssd-storage-class - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 10Mi - volumes: - - name: credentials - secret: - secretName: openshift-4-gcp-service-account - - templates: - - name: start - steps: - - - name: create - template: create - - - - name: gather - template: gather - - - - name: wait - template: wait - - - - name: destroy - template: destroy - - - name: create - outputs: - artifacts: - - name: kubeconfig - path: /data/auth/kubeconfig - archive: - none: {} - - name: kubeadmin-password - path: /data/auth/kubeadmin-password - archive: - none: {} - - name: url - path: /data/url - archive: - none: {} - - name: dotenv - path: /data/dotenv - archive: - none: {} - - name: SSH_ACCESS - path: /data/ssh/SSH_ACCESS.md - archive: - none: {} - - name: data - path: /data - archive: - tar: {} - container: - image: quay.io/stackrox-io/ci:automation-flavors-openshift-4-{{ .Chart.Annotations.automationFlavorsVersion }} - imagePullPolicy: Always - command: - - entrypoint.sh - args: - - create - - '{{ "{{" }}workflow.parameters.name{{ "}}" }}' - - ocp.infra.rox.systems - env: - - name: GOOGLE_CREDENTIALS - valueFrom: - secretKeyRef: - name: openshift-4-gcp-service-account - key: google-credentials.json - - name: GCP_PROJECT - value : "acs-team-temp-dev" - - name: PULL_SECRET - valueFrom: - secretKeyRef: - name: redhat-pull-secret - key: REDHAT_PULL_SECRET - - name: USER_PULL_SECRET - value: '{{ "{{" }}workflow.parameters.pull-secret{{ "}}" }}' - - name: OPENSHIFT_VERSION - value: '{{ "{{" }}workflow.parameters.openshift-version{{ "}}" }}' - - name: MASTER_NODE_COUNT - value: '{{ "{{" }}workflow.parameters.master-node-count{{ "}}" }}' - - name: WORKER_NODE_COUNT - value: '{{ "{{" }}workflow.parameters.worker-node-count{{ "}}" }}' - - name: MASTER_NODE_TYPE - value: '{{ "{{" }}workflow.parameters.master-node-type{{ "}}" }}' - - name: WORKER_NODE_TYPE - value: '{{ "{{" }}workflow.parameters.worker-node-type{{ "}}" }}' - - name: REGION - value: '{{ "{{" }}workflow.parameters.region{{ "}}" }}' - - name: FIPS_ENABLED - value: '{{ "{{" }}workflow.parameters.fips-enabled{{ "}}" }}' - - name: TRUSTED_CERTS_ENABLED - value: '{{ "{{" }}workflow.parameters.trusted-certs-enabled{{ "}}" }}' - - name: CREDENTIALS_MODE - value: '{{ "{{" }}workflow.parameters.credentials-mode{{ "}}" }}' - - name: SSD_STORAGE_CLASS - value: '{{ "{{" }}workflow.parameters.ssd-storage-class{{ "}}" }}' - volumeMounts: - - name: data - mountPath: /data - - - name: gather - script: - image: busybox - command: [sh] - source: | - cd /data - . ./dotenv - echo "${OPENSHIFT_CONSOLE_URL}" > cluster-console-url - echo "${OPENSHIFT_CONSOLE_USERNAME}" > cluster-console-username - echo "${OPENSHIFT_CONSOLE_PASSWORD}" > cluster-console-password - volumeMounts: - - name: data - mountPath: /data - outputs: - artifacts: - - name: cluster-console-url - path: /data/cluster-console-url - archive: - none: {} - - name: cluster-console-username - path: /data/cluster-console-username - archive: - none: {} - - name: cluster-console-password - path: /data/cluster-console-password - archive: - none: {} - - - name: wait - suspend: {} - - - name: destroy - container: - image: quay.io/stackrox-io/ci:automation-flavors-openshift-4-{{ .Chart.Annotations.automationFlavorsVersion }} - imagePullPolicy: Always - command: - - entrypoint.sh - args: - - destroy - - '{{ "{{" }}workflow.parameters.name{{ "}}" }}' - env: - - name: GOOGLE_CREDENTIALS - valueFrom: - secretKeyRef: - name: openshift-4-gcp-service-account - key: google-credentials.json - - name: GCP_PROJECT - value : "acs-team-temp-dev" - volumeMounts: - - name: data - mountPath: /data diff --git a/chart/infra-server/static/workflow-openshift-4.yaml b/chart/infra-server/static/workflow-openshift-4.yaml index 5f64bbdb2..d17323418 100644 --- a/chart/infra-server/static/workflow-openshift-4.yaml +++ b/chart/infra-server/static/workflow-openshift-4.yaml @@ -24,7 +24,7 @@ spec: - name: fips-enabled - name: trusted-certs-enabled - name: credentials-mode - - name: keep-failed-cluster + - name: keep-failed-cluster # this not present in openshift-4-perf-scale - name: ssd-storage-class volumeClaimTemplates: - metadata: diff --git a/chart/infra-server/templates/secrets.yaml b/chart/infra-server/templates/secrets.yaml index 2147de435..ddf06699f 100644 --- a/chart/infra-server/templates/secrets.yaml +++ b/chart/infra-server/templates/secrets.yaml @@ -46,9 +46,6 @@ data: workflow-openshift-4-demo.yaml: |- {{- tpl (.Files.Get "static/workflow-openshift-4-demo.yaml" ) . | b64enc | nindent 4 }} - workflow-openshift-4-perf-scale.yaml: |- - {{- tpl (.Files.Get "static/workflow-openshift-4-perf-scale.yaml" ) . | b64enc | nindent 4 }} - workflow-eks.yaml: |- {{- tpl (.Files.Get "static/workflow-eks.yaml" ) . | b64enc | nindent 4 }} diff --git a/chart/infra-server/templates/workflowtemplates/common.yaml b/chart/infra-server/templates/workflowtemplates/common.yaml new file mode 100644 index 000000000..a8f6bad03 --- /dev/null +++ b/chart/infra-server/templates/workflowtemplates/common.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: common + namespace: default +spec: + templates: + - name: wait + suspend: {} diff --git a/chart/infra-server/templates/workflowtemplates/test-simulate.yaml b/chart/infra-server/templates/workflowtemplates/test-simulate.yaml new file mode 100644 index 000000000..066a80d15 --- /dev/null +++ b/chart/infra-server/templates/workflowtemplates/test-simulate.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: test-simulate + namespace: default +spec: + templates: + - name: simulate + inputs: + parameters: + - name: delay-seconds + - name: outcome + script: + image: debian:9.4 + command: [bash] + source: | + set -x + start=0 + while sleep 1; do + if [[ $((start++)) -ge {{ "{{" }}inputs.parameters.delay-seconds{{ "}}" }} ]]; then + break + fi + done + [[ "{{ "{{" }}inputs.parameters.outcome{{ "}}" }}" == "success" ]] || exit 1 diff --git a/scripts/deploy/helm.sh b/scripts/deploy/helm.sh index df4ee2853..073f2d0cb 100755 --- a/scripts/deploy/helm.sh +++ b/scripts/deploy/helm.sh @@ -14,6 +14,7 @@ TEST_MODE="${TEST_MODE:-false}" SECRETS_PROJECT="acs-team-automation" RELEASE_NAMESPACE="infra" RELEASE_NAME="infra-server" +ARGO_WORKFLOWS_APP_VERSION="v3.6.5" check_not_empty() { for V in "$@"; do @@ -25,6 +26,11 @@ check_not_empty() { done } +install_crds() { + kubectl apply --kustomize \ + "https://github.com/argoproj/argo-workflows/manifests/base/crds/minimal?ref=${ARGO_WORKFLOWS_APP_VERSION}" +} + template() { # Need to use helm upgrade --dry-run to have .Capabilities context available helm upgrade \ @@ -102,4 +108,5 @@ diff() { } check_not_empty TASK TAG ENVIRONMENT +install_crds eval "$TASK"